On Tue, Feb 02, 2016 at 09:40:04PM +0800, Zhouyi Zhou wrote:
> diff --git a/net/netfilter/nf_conntrack_h323_main.c
> b/net/netfilter/nf_conntrack_h323_main.c
> index 9511af0..8d24c4b 100644
> --- a/net/netfilter/nf_conntrack_h323_main.c
> +++ b/net/netfilter/nf_conntrack_h323_main.c
> @@ -110,6 +1
I think hackers chould build a malicious h323 packet to overflow
the pointer p which will panic during the memcpy(addr, p, len)
For example, he may fabricate a very large taddr->ipAddress.ip.
In order to avoid this, I add a valid memory reference check in
get_h2x5_addr functions.
As suggested by
