linux/include/net/netfilter
Yasuyuki Kozakai ddc8d029ac [NETFILTER]: nf_conntrack: check address family when finding protocol module
__nf_conntrack_{l3}proto_find() doesn't check the passed protocol family,
then it's possible to touch out of the array which has only AF_MAX items.

Spotted by Pablo Neira Ayuso.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-02-04 23:51:17 -08:00
..
ipv4 [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipv6 [NETFILTER]: Add nf_conntrack subsystem. 2005-11-09 16:38:16 -08:00
nf_conntrack.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
nf_conntrack_compat.h [NETFILTER]: Add nf_conntrack subsystem. 2005-11-09 16:38:16 -08:00
nf_conntrack_core.h [NETFILTER]: Add nf_conntrack subsystem. 2005-11-09 16:38:16 -08:00
nf_conntrack_helper.h [NETFILTER]: Add ctnetlink port for nf_conntrack 2006-01-05 12:19:05 -08:00
nf_conntrack_l3proto.h [NETFILTER]: nf_conntrack: check address family when finding protocol module 2006-02-04 23:51:17 -08:00
nf_conntrack_protocol.h [NETFILTER]: Add ctnetlink port for nf_conntrack 2006-01-05 12:19:05 -08:00
nf_conntrack_tuple.h [NET]: Use NIP6_FMT in kernel.h 2006-01-13 14:29:07 -08:00