[PATCH 2.4 8/10]: fixes for ip6t_multiport

Yasuyuki Kozakai yasuyuki.kozakai at toshiba.co.jp
Wed Dec 1 09:07:30 CET 2004


This patch fixes the following bugs in ip6t_multiport.c:

	- missing check of the size of the preference data.
	- IP6T_INV_PROTO should be checked not with ip->flags but with ip->invflags.

Signed-off-by: Yasuyuki KOZAKAI <yasuyuki.kozakai at toshiba.co.jp>

-----------------------------------------------------------------
Yasuyuki KOZAKAI @ USAGI Project <yasuyuki.kozakai at toshiba.co.jp>

-------------- next part --------------
--- linux-2.4.28-rc1/./net/ipv6/netfilter/ip6t_multiport.c	2001-10-31 08:08:12.000000000 +0900
+++ linux-2.4.28-rc1-extfix/./net/ipv6/netfilter/ip6t_multiport.c	2004-11-10 00:51:45.000000000 +0900
@@ -74,9 +74,12 @@ checkentry(const char *tablename,
 {
 	const struct ip6t_multiport *multiinfo = matchinfo;
 
+	if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_multiport)))
+		return 0;
+
 	/* Must specify proto == TCP/UDP, no unknown flags or bad count */
 	return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP)
-		&& !(ip->flags & IP6T_INV_PROTO)
+		&& !(ip->invflags & IP6T_INV_PROTO)
 		&& matchsize == IP6T_ALIGN(sizeof(struct ip6t_multiport))
 		&& (multiinfo->flags == IP6T_MULTIPORT_SOURCE
 		    || multiinfo->flags == IP6T_MULTIPORT_DESTINATION
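
Review bot: the new early return at the top of checkentry() duplicates the `matchsize == IP6T_ALIGN(sizeof(struct ip6t_multiport))` term that is still present, as an unchanged context line, in the return expression below it. In the lines shown, that term already sits ahead of the first `multiinfo->flags` read in the && chain, so short-circuit evaluation keeps multiinfo from being dereferenced when the size is wrong. Keeping both leaves two copies of the same comparison to maintain; either drop the term from the return expression now that the early return covers it, or drop the added early return. If the early return is the form to keep, the existing comment "no unknown flags or bad count" would also read better with a word about the size check placed above the new lines. The ip->invflags change looks right as written, since IP6T_INV_PROTO is an inversion bit.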

