[netfilter-cvslog] r3554 -
trunk/patch-o-matic-ng/osf/linux/net/ipv4/netfilter
kaber at netfilter.org
kaber at netfilter.org
Mon Jan 3 00:42:20 CET 2005
Author: kaber at netfilter.org
Date: 2005-01-03 00:42:19 +0100 (Mon, 03 Jan 2005)
New Revision: 3554
Modified:
trunk/patch-o-matic-ng/osf/linux/net/ipv4/netfilter/ipt_osf.c
Log:
Fix up ipt_osf.c for 2.6 (Evgeniy Polyakov <johnpol at 2ka.mipt.ru>)
Modified: trunk/patch-o-matic-ng/osf/linux/net/ipv4/netfilter/ipt_osf.c
===================================================================
--- trunk/patch-o-matic-ng/osf/linux/net/ipv4/netfilter/ipt_osf.c 2005-01-02 23:34:48 UTC (rev 3553)
+++ trunk/patch-o-matic-ng/osf/linux/net/ipv4/netfilter/ipt_osf.c 2005-01-02 23:42:19 UTC (rev 3554)
@@ -157,20 +157,30 @@
int *hotdrop)
{
struct ipt_osf_info *info = (struct ipt_osf_info *)matchinfo;
- struct iphdr *ip = skb->nh.iph;
- struct tcphdr *tcp;
+ struct iphdr _iph, *ip;
+ struct tcphdr _tcph, *tcp;
int fmatch = FMATCH_WRONG, fcount = 0;
unsigned long totlen, optsize = 0, window;
unsigned char df, *optp = NULL, *_optp = NULL;
+ unsigned char opts[MAX_IPOPTLEN];
char check_WSS = 0;
struct list_head *ent;
struct osf_finger *f;
+ int off;
- if (!ip || !info)
+ if (!info)
return 0;
+
+ off = 0;
+
+ ip = skb_header_pointer(skb, off, sizeof(_iph), &_iph);
+ if (!ip)
+ return 0;
- tcp = (struct tcphdr *)((u_int32_t *)ip + ip->ihl);
-
+ tcp = skb_header_pointer(skb, off + ip->ihl * 4, sizeof(_tcph), &_tcph);
+ if (!tcp)
+ return 0;
+
if (!tcp->syn)
return 0;
@@ -180,8 +190,16 @@
if (tcp->doff*4 > sizeof(struct tcphdr))
{
- _optp = optp = (char *)(tcp+1);
optsize = tcp->doff*4 - sizeof(struct tcphdr);
+
+ if (optsize > sizeof(opts))
+ {
+ log("%s: BUG: too big options size: optsize=%lu, max=%d.\n",
+ __func__, optsize, sizeof(opts));
+ optsize = sizeof(opts);
+ }
+
+ _optp = optp = skb_header_pointer(skb, off + ip->ihl*4 + sizeof(_tcph), optsize, opts);
}
/* Actually we can create hash/table of all genres and search
@@ -374,7 +392,7 @@
if (optp)
{
optsize = tcp->doff * 4 - sizeof(struct tcphdr);
- if (skb_copy_bits(skb, ip->ihl*4 + sizeof(struct tcphdr),
+ if (skb_copy_bits(skb, off + ip->ihl*4 + sizeof(struct tcphdr),
opt, optsize) < 0)
{
if (info->flags & IPT_OSF_LOG)
More information about the netfilter-cvslog
mailing list