Commit 66eba0ff authored May 27, 2026 by Florian Westphal Committed by Pablo Neira Ayuso Jun 01, 2026

netfilter: conntrack_irc: fix possible out-of-bounds read

When parsing fails after we've matched the command string we
should bail out instead of trying to match a different command.

This helper should be deprecated, given prevalence of TLS I doubt it has
any relevance in 2026.

Fixes: 869f37d8 ("[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port")
Closes: https://sashiko.dev/#/patchset/20260525182924.28456-1-fw%40strlen.de


Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 2fcba19c

net/netfilter/nf_conntrack_irc.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -203,7 +203,7 @@ static int help(struct sk_buff *skb, unsigned int protoff,
		if (parse_dcc(data, data_limit, &dcc_ip,
		&dcc_port, &addr_beg_p, &addr_end_p)) {
		pr_debug("unable to parse dcc command\n");
		continue;
		goto out;
		}

		pr_debug("DCC bound ip/port: %pI4:%u\n",
		@@ -217,7 +217,7 @@ static int help(struct sk_buff *skb, unsigned int protoff,
		net_warn_ratelimited("Forged DCC command from %pI4: %pI4:%u\n",
		&tuple->src.u3.ip,
		&dcc_ip, dcc_port);
		continue;
		goto out;
		}

		exp = nf_ct_expect_alloc(ct);