[netfilter-cvslog] r3608 - trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter

[yasuyuki at netfilter.org]

Author: yasuyuki at netfilter.org
Date: 2005-01-22 20:11:03 +0100 (Sat, 22 Jan 2005)
New Revision: 3608

Modified:
   trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
Log:
fixed invalid memory access



Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c	2005-01-22 19:05:07 UTC (rev 3607)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c	2005-01-22 19:11:03 UTC (rev 3608)
@@ -48,24 +48,24 @@
 static int ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
 			     struct nf_conntrack_tuple *tuple)
 {
-	if (skb_copy_bits(skb, nhoff + offsetof(struct ipv6hdr, saddr),
-			  &tuple->src.u3.ip6, sizeof(tuple->src.u3.ip6)))
-		return 0;
+	u_int32_t _addrs[8], *ap;
 
-	if (skb_copy_bits(skb, nhoff + offsetof(struct ipv6hdr, daddr),
-			  &tuple->dst.u3.ip6, sizeof(tuple->src.u3.ip6)))
+	ap = skb_header_pointer(skb, nhoff + offsetof(struct ipv6hdr, saddr),
+				sizeof(_addrs), _addrs);
+	if (ap == NULL)
 		return 0;
 
+	memcpy(tuple->src.u3.ip6, ap, sizeof(tuple->src.u3.ip6));
+	memcpy(tuple->dst.u3.ip6, ap + 4, sizeof(tuple->dst.u3.ip6));
+
 	return 1;
 }
 
 static int ipv6_invert_tuple(struct nf_conntrack_tuple *tuple,
 			     const struct nf_conntrack_tuple *orig)
 {
-	memcpy(&tuple->src.u3.ip6, &orig->dst.u3.ip6,
-	       sizeof(tuple->src.u3.ip6));
-	memcpy(&tuple->dst.u3.ip6, &orig->src.u3.ip6,
-	       sizeof(tuple->dst.u3.ip6));
+	memcpy(tuple->src.u3.ip6, orig->dst.u3.ip6, sizeof(tuple->src.u3.ip6));
+	memcpy(tuple->dst.u3.ip6, orig->src.u3.ip6, sizeof(tuple->dst.u3.ip6));
 
 	return 1;
 }