netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack

Add missing counter decrement to prevent out of bounds memory read.

Signed-off-by: Eric Sesterhenn <[email protected]>
Acked-by: Florian Westphal <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>

diff --git a/net/netfilter/nf_conntrack_h323_asn1.c b/net/netfilter/nf_conntrack_h323_asn1.c
index 7831aa1effc9c4e46d4878de4239723219fb8132..cf1bf2605c1027207a86889f93da667d8b2313b9 100644 (file)
--- a/net/netfilter/nf_conntrack_h323_asn1.c
+++ b/net/netfilter/nf_conntrack_h323_asn1.c
@@ -877,6 +877,7 @@ int DecodeQ931(unsigned char *buf, size_t sz, Q931 *q931)
                if (sz < 1)
                        break;
                len = *p++;
+               sz--;
                if (sz < len)
                        break;
                p += len;