[PATCH 2/2] [NETFILTER] PPTP helper: Fix endianness bug in GRE key / CallID NAT

Harald Welte laforge at netfilter.org
Thu Nov 3 13:05:20 CET 2005 

Hi Acme!

Please merge this to both 2.6.15 mainline and 2.6.14.x stable series,
thanks.

[NETFILTER] PPTP helper: Fix endianness bug in GRE key / CallID NAT

This endianness bug slipped through while changing the 'gre.key' field in the
conntrack tuple from 32bit to 16bit.

None of my tests caught the problem, since the linux pptp client always has
'0' as call id / gre key.  Only windows clients actually trigger the bug.

Signed-off-by: Harald Welte <laforge at netfilter.org>

---
commit 66d73ebf14b8bb18647eabca9975d7ceb787cb29
tree b92bab972b99c11ead4ca05d152ab78f741fc41f
parent f6447dcd8a4f13b144c9f49df76682c31562a003
author Harald Welte <laforge at hanuman.de.gnumonks.org> Thu, 03 Nov 2005 12:55:06 +0100
committer Harald Welte <laforge at hanuman.de.gnumonks.org> Thu, 03 Nov 2005 12:55:06 +0100

 net/ipv4/netfilter/ip_nat_proto_gre.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/netfilter/ip_nat_proto_gre.c b/net/ipv4/netfilter/ip_nat_proto_gre.c
--- a/net/ipv4/netfilter/ip_nat_proto_gre.c
+++ b/net/ipv4/netfilter/ip_nat_proto_gre.c
@@ -139,8 +139,8 @@ gre_manip_pkt(struct sk_buff **pskb,
 			break;
 		case GRE_VERSION_PPTP:
 			DEBUGP("call_id -> 0x%04x\n", 
-				ntohl(tuple->dst.u.gre.key));
-			pgreh->call_id = htons(ntohl(tuple->dst.u.gre.key));
+				ntohs(tuple->dst.u.gre.key));
+			pgreh->call_id = tuple->dst.u.gre.key;
 			break;
 		default:
 			DEBUGP("can't nat unknown GRE version\n");
-- 
- Harald Welte <laforge at netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20051103/f264faf8/attachment.pgp

More information about the netfilter-devel mailing list