Skip to content
Commit e8d5dfd1 authored by David Leadbeater's avatar David Leadbeater Committed by Florian Westphal
Browse files

netfilter: nf_conntrack_irc: Tighten matching on DCC message 

CTCP messages should only be at the start of an IRC message, not
anywhere within it.

While the helper only decodes packes in the ORIGINAL direction, its
possible to make a client send a CTCP message back by empedding one into
a PING request.  As-is, thats enough to make the helper believe that it
saw a CTCP message.

Fixes: 869f37d8

 ("[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port")
Signed-off-by: default avatarDavid Leadbeater <dgl@dgl.cx>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
parent 25b327d4
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment