[netfilter-cvslog] r3608 -
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Sat Jan 22 20:11:04 CET 2005
Author: yasuyuki at netfilter.org
Date: 2005-01-22 20:11:03 +0100 (Sat, 22 Jan 2005)
New Revision: 3608
Modified:
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
Log:
fixed invalid memory access
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c 2005-01-22 19:05:07 UTC (rev 3607)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c 2005-01-22 19:11:03 UTC (rev 3608)
@@ -48,24 +48,24 @@
static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
struct nf_conntrack_tuple *tuple)
{
- if (skb_copy_bits(skb, nhoff + offsetof(struct ipv6hdr, saddr),
- &tuple->src.u3.ip6, sizeof(tuple->src.u3.ip6)))
- return 0;
+ u_int32_t _addrs[8], *ap;
- if (skb_copy_bits(skb, nhoff + offsetof(struct ipv6hdr, daddr),
- &tuple->dst.u3.ip6, sizeof(tuple->src.u3.ip6)))
+ ap = skb_header_pointer(skb, nhoff + offsetof(struct ipv6hdr, saddr),
+ sizeof(_addrs), _addrs);
+ if (ap == NULL)
return 0;
+ memcpy(tuple->src.u3.ip6, ap, sizeof(tuple->src.u3.ip6));
+ memcpy(tuple->dst.u3.ip6, ap + 4, sizeof(tuple->dst.u3.ip6));
+
return 1;
}
static int ipv6_invert_tuple(struct nf_conntrack_tuple *tuple,
const struct nf_conntrack_tuple *orig)
{
- memcpy(&tuple->src.u3.ip6, &orig->dst.u3.ip6,
- sizeof(tuple->src.u3.ip6));
- memcpy(&tuple->dst.u3.ip6, &orig->src.u3.ip6,
- sizeof(tuple->dst.u3.ip6));
+ memcpy(tuple->src.u3.ip6, orig->dst.u3.ip6, sizeof(tuple->src.u3.ip6));
+ memcpy(tuple->dst.u3.ip6, orig->src.u3.ip6, sizeof(tuple->dst.u3.ip6));
return 1;
}
More information about the netfilter-cvslog
mailing list