From: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Date: Mon, 9 Oct 2017 05:01:14 +0000 (+0200)
Subject: netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=e8daf27c2fea38e16a791780952aa5dff1c409fe;p=linux.git

netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack

Add missing counter decrement to prevent out of bounds memory read.

Signed-off-by: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/nf_conntrack_h323_asn1.c b/net/netfilter/nf_conntrack_h323_asn1.c
index 7831aa1effc9c..cf1bf2605c102 100644
--- a/net/netfilter/nf_conntrack_h323_asn1.c
+++ b/net/netfilter/nf_conntrack_h323_asn1.c
@@ -877,6 +877,7 @@ int DecodeQ931(unsigned char *buf, size_t sz, Q931 *q931)
 		if (sz < 1)
 			break;
 		len = *p++;
+		sz--;
 		if (sz < len)
 			break;
 		p += len;