From nobody Sun Jun 14 04:09:39 2026 Received: from out-12.smtp.spacemail.com (out-12.smtp.spacemail.com [198.54.127.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 680403AE6EB; Sun, 3 May 2026 08:32:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.54.127.83 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777797164; cv=none; b=hBeMJjOwjpIyaUvAAyLmKzvV3FhTjUb4ADdz623Oo3E8ulRPm966RBEighd2WOcO+3YhuOmnFAPTTu52qmmgQLxYi+A64FMf+6WjuuT7NMS8ze6fnhoi11QRtRjXJ9pZ1pmCWH9YwhmqGVUxI3eBN1EZs+QkqOzgqDjWNr4DSfk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777797164; c=relaxed/simple; bh=eyPhzYcrMzmxsVNdoq0bw3cqjHHIYUCAuGDdTQ8vbOE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cftgL/ZLiJL+qbOmJhaRhPsVy+meort8MnYZG+AwVgXr5Kyn12sp9GJuMazhlmUFHeet3eW17zGpVRtiJ4Ql21bnLImvk2p++VtSpmveOOh0JEdKLaNmgrJ8vVt2A78DipRLRizuDt2nCwIIG6gJNr7kR+fPj8ymx/pAqS90iyw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rexion.ai; spf=pass smtp.mailfrom=rexion.ai; dkim=fail (0-bit key) header.d=rexion.ai header.i=@rexion.ai header.b=RxLF9KJQ reason="key not found in DNS"; arc=none smtp.client-ip=198.54.127.83 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rexion.ai Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rexion.ai Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=rexion.ai header.i=@rexion.ai header.b="RxLF9KJQ" Received: from Kyren (unknown [49.207.224.37]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.spacemail.com (Postfix) with ESMTPSA id 4g7dLm6Kg9z8sc7; Sun, 03 May 2026 08:32:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rexion.ai; s=spacemail; t=1777797156; bh=H1UwZxXtA1OhepmdQC3uiluz+P1XCqaIsWNP6kKMuIk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RxLF9KJQ+pyB/GqRnJ00lXqXcgrwyTYLrpRZhWoYaogVNesHhkyu6KgsAzUbnoo18 lIxClUZsp0ojroLhrUixyYQrcbHNSB/wfAxO3s3SqcFtSlYUM/OaCXoWibT6AKaLci xa+nhAj91NvpuMHvduDN0p2HU1Y3d3EtKwtYEqyKanKMW+iHnJOjaPfAcnL6/rx1dr oJIynVzvO1d98shL1RC7irHdDLkQvmaIQAlpEwanZukVM6Kof8Nm9EiU+7dSjJSSzy OrK1LWXy1NBRm/GHSdu0+wFqmtILF8m+WfNiZH8Gl2PQJaTTq+QJ0gRRBy32tOlrEw ixWfuxQrs8Dxg== From: HACKE-RC To: Pablo Neira Ayuso , Florian Westphal Cc: Phil Sutter , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, HACKE-RC Subject: [PATCH net-next v3 1/4] netfilter: conntrack: add shared port and uint parsers for helpers Date: Sun, 3 May 2026 14:02:17 +0530 Message-ID: <20260503083220.630655-2-rc@rexion.ai> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260503083220.630655-1-rc@rexion.ai> References: <20260503083220.630655-1-rc@rexion.ai> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Envelope-From: rc@rexion.ai Content-Type: text/plain; charset="utf-8" Add nf_ct_helper_parse_uint() for bounded unsigned integer parsing from an unterminated buffer, and nf_ct_helper_parse_port() which calls it with max=3D65535 and rejects port zero. Both helpers are exported so conntrack protocol helpers can replace ad-hoc simple_strtoul() usage. Signed-off-by: HACKE-RC --- include/net/netfilter/nf_conntrack_helper.h | 5 +++ net/netfilter/nf_conntrack_helper.c | 39 +++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netf= ilter/nf_conntrack_helper.h index de2f956ab..ab145fcd9 100644 --- a/include/net/netfilter/nf_conntrack_helper.h +++ b/include/net/netfilter/nf_conntrack_helper.h @@ -160,6 +160,11 @@ nf_ct_helper_expectfn_find_by_name(const char *name); struct nf_ct_helper_expectfn * nf_ct_helper_expectfn_find_by_symbol(const void *symbol); =20 +int nf_ct_helper_parse_uint(const char *cp, unsigned int len, + unsigned long max, unsigned long *val, char **endp); +int nf_ct_helper_parse_port(const char *cp, unsigned int len, + u16 *port, char **endp); + extern struct hlist_head *nf_ct_helper_hash; extern unsigned int nf_ct_helper_hsize; =20 diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntra= ck_helper.c index a715304a5..f6229957c 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c @@ -499,6 +499,45 @@ void nf_nat_helper_unregister(struct nf_conntrack_nat_= helper *nat) } EXPORT_SYMBOL_GPL(nf_nat_helper_unregister); =20 +int nf_ct_helper_parse_uint(const char *cp, unsigned int len, + unsigned long max, unsigned long *val, char **endp) +{ + unsigned long result =3D 0; + + if (!len || *cp < '0' || *cp > '9') + return -1; + + while (len > 0 && *cp >=3D '0' && *cp <=3D '9') { + result =3D result * 10 + (*cp - '0'); + if (result > max) + return -1; + cp++; + len--; + } + + *val =3D result; + if (endp) + *endp =3D (char *)cp; + + return 0; +} +EXPORT_SYMBOL_GPL(nf_ct_helper_parse_uint); + +int nf_ct_helper_parse_port(const char *cp, unsigned int len, + u16 *port, char **endp) +{ + unsigned long val; + + if (nf_ct_helper_parse_uint(cp, len, 65535, &val, endp)) + return -1; + if (val =3D=3D 0) + return -1; + + *port =3D val; + return 0; +} +EXPORT_SYMBOL_GPL(nf_ct_helper_parse_port); + int nf_conntrack_helper_init(void) { nf_ct_helper_hsize =3D 1; /* gets rounded up to use one page */ --=20 2.54.0 From nobody Sun Jun 14 04:09:39 2026 Received: from out-03.smtp.spacemail.com (out-03.smtp.spacemail.com [63.250.43.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 918DD3AE18F; Sun, 3 May 2026 08:32:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=63.250.43.88 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777797168; cv=none; b=UptsNGNmaKiOqQ24bymYAM0F/UNZw9ahHXIIqFVi47VN2/C57Khz6raqAYrBGkksYBA5kvIz99HfylFhQA1pChxVmPwQIaWoKiooEvNHdZJSJpXA+ve8XN2/UlYjnRkgJ9STDkOx5VUFJDBQZeace8GCgOmwW961QvdrlX3CnC0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777797168; c=relaxed/simple; bh=BAXgMmZoWgTPFjt7XDGP1bmdkbgyrtKmxKELB1n6rZM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fKeR1Kd5T+EkFRmXPg2nKV6X8J2hbx5oVX5v0z/vU1gd0FMocufGREGXvkaJ8eg66tbrEJKeOda4P8pk1wuWvFjfx7LtHQgTFnnhG4rd4y3I5KcOtGsuJIAzGewjlQEJANCMkg0TR55N17b0zlF6ZlQtDvyI9RY+5j0ZcYSP3X8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rexion.ai; spf=pass smtp.mailfrom=rexion.ai; dkim=fail (0-bit key) header.d=rexion.ai header.i=@rexion.ai header.b=LsyyN2Ji reason="key not found in DNS"; arc=none smtp.client-ip=63.250.43.88 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rexion.ai Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rexion.ai Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=rexion.ai header.i=@rexion.ai header.b="LsyyN2Ji" Received: from Kyren (unknown [49.207.224.37]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.spacemail.com (Postfix) with ESMTPSA id 4g7dLs0Wjbz8sc7; Sun, 03 May 2026 08:32:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rexion.ai; s=spacemail; t=1777797160; bh=yWHWMBOnJe+2nuPfat7/83G7fQtGgpLEP8FXNjZryYU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=LsyyN2Ji9WB5HCs9Mv8TnVujP4mDFw54Zk1v3Lb0DYR0qdl7C/oNIgGEV+qvm3bUr qaDIMz5CRTWETHFlcBMQnusvc+wk47AQQNgLQ9Do+UsFdBqQKlPxL9qM2OOEiSbwnY CyB3dWQZZCg5/63rJA4mY2BzSUjuSWAXSYwLST9C6+3QX5saHs48h8zwESZmpEdyoJ TxtWHoC0n9kwdkEXp+znvMupmJYw12pZgVuLbonSpkW/OaplCjq6knferG1goAdAMz g22pt8wB0z8JzIcXWFiVCj6OtUFpgJaf9kLvMKXapPGUJghajZ2RJ7TP/Agtmtzd+n u68b7HZ/bwGRg== From: HACKE-RC To: Pablo Neira Ayuso , Florian Westphal Cc: Phil Sutter , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, HACKE-RC Subject: [PATCH net-next v3 2/4] netfilter: nf_conntrack_irc: use nf_ct_helper_parse_port() Date: Sun, 3 May 2026 14:02:18 +0530 Message-ID: <20260503083220.630655-3-rc@rexion.ai> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260503083220.630655-1-rc@rexion.ai> References: <20260503083220.630655-1-rc@rexion.ai> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Envelope-From: rc@rexion.ai Content-Type: text/plain; charset="utf-8" Replace simple_strtoul() with the new nf_ct_helper_parse_port() helper. This removes the dependency on NUL-terminated strings and adds an explicit port range check, rejecting port 0 and values above 65535. Fixes: 869f37d8e48f ("netfilter: nf_conntrack_irc - Fix uninitialised varia= ble warning") Signed-off-by: HACKE-RC --- net/netfilter/nf_conntrack_irc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_= irc.c index 522183b9a..1b51f5a6a 100644 --- a/net/netfilter/nf_conntrack_irc.c +++ b/net/netfilter/nf_conntrack_irc.c @@ -93,7 +93,9 @@ static int parse_dcc(char *data, const char *data_end, __= be32 *ip, data++; } =20 - *port =3D simple_strtoul(data, &data, 10); + if (nf_ct_helper_parse_port(data, data_end - data, port, &data)) + return -1; + *ad_end_p =3D data; =20 return 0; --=20 2.54.0 From nobody Sun Jun 14 04:09:39 2026 Received: from out-13.smtp.spacemail.com (out-13.smtp.spacemail.com [63.250.43.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7B2F13AD508; Sun, 3 May 2026 08:32:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=63.250.43.96 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777797172; cv=none; b=JWP3uDH4/79wInQYYCtprl8JbWf3wyqed1mPEg6SKT7vmRrKjt3B48Chw7atiTzlKy14mPiFtOYykkXcD//G1xwC1uNZIhfWTWJkWFXhtKXDoYbVCAr7MA6IeruF5ZZtjbJ9WqJ3YaYEUM0zHHPRsjmUSJ7QMgPqf+q3rZOCQek= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777797172; c=relaxed/simple; bh=7+OtTcSi3j2IBmO1D9XL1RlcOQN0GcUfX//8dJ3E1DY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=XIEZBpPccaUHKRj2EZNQkHIvm7o6vj7EnivyoWpmz/1s7gz0qmLhk0tIDrTYEVZ1CIeYG8SI6JTesicFzSTUhzhiVU1ODAF3Ef+gMOsr2MV4T3+30EdXVj/WbFI10sWv5qXaeAEM4SJrMoAw49TvdX4/jqVDMedcsawQVqElsMc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rexion.ai; spf=pass smtp.mailfrom=rexion.ai; dkim=fail (0-bit key) header.d=rexion.ai header.i=@rexion.ai header.b=l7ARc+xT reason="key not found in DNS"; arc=none smtp.client-ip=63.250.43.96 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rexion.ai Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rexion.ai Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=rexion.ai header.i=@rexion.ai header.b="l7ARc+xT" Received: from Kyren (unknown [49.207.224.37]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.spacemail.com (Postfix) with ESMTPSA id 4g7dLx28Lnz8sc7; Sun, 03 May 2026 08:32:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rexion.ai; s=spacemail; t=1777797165; bh=HI0hFyyueMYp+zi669wZ/Jih9kqfRtZ1thk4taphQEU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=l7ARc+xTuE4J90MzxV8cV16qV4uIwZ1IOersSJL8SqoAPXE5I6ow72khsZXPsnFo5 qx6kiU+X1vYdwPjVdoI6689rjHbOesplnbp+KG6d4zBlQiJ+klBHI9mHdm3XfGyWVq y5J6U9fBSCiBZE/CTPOxrfxtUdLyEhKVp/YMZDDVXx9uwS8NeAj5uDSQS4dX2dQFGQ BTYZMg6HOWP3gWz/+RiCsVO749HYJWcemQkOidTByByY4f+jNpKqQzTsUFLNmJo2jx MK6WGKhAVfnOtlT784p/puO1PGIzr+3LrdTUE/EWKVvd32bsOnxzsdrO+BLrnQD8m8 KLoalh02xQG9A== From: HACKE-RC To: Pablo Neira Ayuso , Florian Westphal Cc: Phil Sutter , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, HACKE-RC Subject: [PATCH net-next v3 3/4] netfilter: nf_conntrack_amanda: use nf_ct_helper_parse_port() Date: Sun, 3 May 2026 14:02:19 +0530 Message-ID: <20260503083220.630655-4-rc@rexion.ai> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260503083220.630655-1-rc@rexion.ai> References: <20260503083220.630655-1-rc@rexion.ai> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Envelope-From: rc@rexion.ai Content-Type: text/plain; charset="utf-8" Replace simple_strtoul() with the new nf_ct_helper_parse_port() helper. This removes the dependency on NUL-terminated strings and adds an explicit port range check, rejecting port 0 and values above 65535. Fixes: 16958900578b ("netfilter: nf_conntrack_amanda: the match is called '= amanda', not 'AMANDA'") Signed-off-by: HACKE-RC --- net/netfilter/nf_conntrack_amanda.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntra= ck_amanda.c index d2c09e8dd..30b5c4b84 100644 --- a/net/netfilter/nf_conntrack_amanda.c +++ b/net/netfilter/nf_conntrack_amanda.c @@ -88,11 +88,12 @@ static int amanda_help(struct sk_buff *skb, struct nf_conntrack_expect *exp; struct nf_conntrack_tuple *tuple; unsigned int dataoff, start, stop, off, i; + nf_nat_amanda_hook_fn *nf_nat_amanda; char pbuf[sizeof("65535")], *tmp; + int ret =3D NF_ACCEPT; u_int16_t len; + u16 parsed_port; __be16 port; - int ret =3D NF_ACCEPT; - nf_nat_amanda_hook_fn *nf_nat_amanda; =20 /* Only look at packets from the Amanda server */ if (CTINFO2DIR(ctinfo) =3D=3D IP_CT_DIR_ORIGINAL) @@ -132,10 +133,10 @@ static int amanda_help(struct sk_buff *skb, break; pbuf[len] =3D '\0'; =20 - port =3D htons(simple_strtoul(pbuf, &tmp, 10)); - len =3D tmp - pbuf; - if (port =3D=3D 0 || len > 5) + if (nf_ct_helper_parse_port(pbuf, len, &parsed_port, &tmp)) break; + port =3D htons(parsed_port); + len =3D tmp - pbuf; =20 exp =3D nf_ct_expect_alloc(ct); if (exp =3D=3D NULL) { --=20 2.54.0 From nobody Sun Jun 14 04:09:39 2026 Received: from out-21.smtp.spacemail.com (out-21.smtp.spacemail.com [66.29.159.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF139264617; Sun, 3 May 2026 08:40:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=66.29.159.70 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777797601; cv=none; b=VurgI/Zjpb/Xl+364n77zu6R4Rytp9anZzt05wdtV0apZMfqJfJTKuKhXkB+LI/+Gl47EZXvb0b3K7BnDgqsS14Uo5UVSLaJWQ2lB4oFCiUR3IfERztACgeCgr6p6jUEmXkKViW49O5SR3Uq3CcJ6/FJyafoi6pzCWvJpqfwkqs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777797601; c=relaxed/simple; bh=nR2UvrQhwXbHczxiyNhOgWKmudrRc0WInr0MsJ9wdoQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rDlZ9yffOo8GFQrpMdmQjbsmXvXxqffkRl26T6oWGbgoupoxVS7Y+7VeoQwKoRrQ+XIbnr84DZoyiGN0I4DW4C8xm620i5RTMVkhztJjTOQ71xpTRYWtBxfa/8wP0PO4Hn8I4HtGV1rf1Nic1mvp6Jhc08oVkU5QcdKqSvo1bVg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rexion.ai; spf=pass smtp.mailfrom=rexion.ai; dkim=fail (0-bit key) header.d=rexion.ai header.i=@rexion.ai header.b=GaqI1600 reason="key not found in DNS"; arc=none smtp.client-ip=66.29.159.70 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=rexion.ai Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=rexion.ai Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=rexion.ai header.i=@rexion.ai header.b="GaqI1600" Received: from Kyren (unknown [49.207.224.37]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.spacemail.com (Postfix) with ESMTPSA id 4g7dM16sHVz8sc7; Sun, 03 May 2026 08:32:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rexion.ai; s=spacemail; t=1777797169; bh=UWHDX60T6C3pWblSNBnfc+v9Si2dLL5tyuqjr8YWHtM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=GaqI1600Mw4HShgJETvm96UwJwiqOUcV1FSxhU8bHxLqdE14Vi1IjIHXfVUQjcw8P 5Sh1+RaUzR2GTSj3YbfFg6vPOtsAlG8ckMEDKOuxMn71xabRj1QwNFuOKKkKsiHrOC gYWy03DP8KdYtjz3quRMBxUlCQ5qpxmKCx70/7tQWVFxDbjani4HsTke0hbxPVQZ8y HUmrPCq3D9NIQFDoRzqaO1GHX16QucNbRNzFu6paCZUblrMxO5Z8H+TkgA13EA6vEE q1GCWUnZVmrLn3njPOTYixpsQr2TrGpYygBoGHXND5Qh++Pl1rbJ5NLBi+Rx3Ah5Qz +BXNw0nIJSnqw== From: HACKE-RC To: Pablo Neira Ayuso , Florian Westphal Cc: Phil Sutter , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, HACKE-RC Subject: [PATCH net-next v3 4/4] netfilter: nf_conntrack_sip: use nf_ct_helper_parse_port() Date: Sun, 3 May 2026 14:02:20 +0530 Message-ID: <20260503083220.630655-5-rc@rexion.ai> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260503083220.630655-1-rc@rexion.ai> References: <20260503083220.630655-1-rc@rexion.ai> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Envelope-From: rc@rexion.ai Content-Type: text/plain; charset="utf-8" Replace simple_strtoul() based port parsing in ct_sip_parse_request() and ct_sip_parse_header_uri() with nf_ct_helper_parse_port(), which handles the bounded parse without requiring NUL-termination. The SIP-specific minimum port check (>=3D 1024) is retained as before. Signed-off-by: HACKE-RC --- net/netfilter/nf_conntrack_sip.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_= sip.c index 182cfb119..ac29f0762 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c @@ -241,7 +241,7 @@ int ct_sip_parse_request(const struct nf_conn *ct, { const char *start =3D dptr, *limit =3D dptr + datalen, *end; unsigned int mlen; - unsigned int p; + u16 p; int shift =3D 0; =20 /* Skip method and following whitespace */ @@ -269,8 +269,9 @@ int ct_sip_parse_request(const struct nf_conn *ct, return -1; if (end < limit && *end =3D=3D ':') { end++; - p =3D simple_strtoul(end, (char **)&end, 10); - if (p < 1024 || p > 65535) + if (nf_ct_helper_parse_port(end, limit - end, &p, (char **)&end)) + return -1; + if (p < 1024) return -1; *port =3D htons(p); } else @@ -509,7 +510,7 @@ int ct_sip_parse_header_uri(const struct nf_conn *ct, c= onst char *dptr, union nf_inet_addr *addr, __be16 *port) { const char *c, *limit =3D dptr + datalen; - unsigned int p; + u16 p; int ret; =20 ret =3D ct_sip_walk_headers(ct, dptr, dataoff ? *dataoff : 0, datalen, @@ -522,8 +523,9 @@ int ct_sip_parse_header_uri(const struct nf_conn *ct, c= onst char *dptr, return -1; if (*c =3D=3D ':') { c++; - p =3D simple_strtoul(c, (char **)&c, 10); - if (p < 1024 || p > 65535) + if (nf_ct_helper_parse_port(c, limit - c, &p, (char **)&c)) + return -1; + if (p < 1024) return -1; *port =3D htons(p); } else --=20 2.54.0