[PATCH 3/4] skip sizechecking when not specified
Pablo Neira
pablo at netfilter.org
Thu Nov 10 02:04:11 CET 2005
This patch applies to nfnetlink. Skip sizecheck if the size of the
attribute wasn't specified, ie. zero.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
-------------- next part --------------
Skip sizecheck if the size of the attribute wasn't specified, ie. zero.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
Index: netfilter-2.6.14.git/include/linux/netfilter/nfnetlink.h
===================================================================
--- netfilter-2.6.14.git.orig/include/linux/netfilter/nfnetlink.h 2005-11-06 19:31:06.000000000 +0100
+++ netfilter-2.6.14.git/include/linux/netfilter/nfnetlink.h 2005-11-06 19:31:28.000000000 +0100
@@ -154,11 +154,14 @@ extern void nfattr_parse(struct nfattr *
#define nfattr_bad_size(tb, max, cta_min) \
({ int __i, __res = 0; \
- for (__i=0; __i<max; __i++) \
+ for (__i=0; __i<max; __i++) { \
+ if (!cta_min[__i]) \
+ continue; \
if (tb[__i] && NFA_PAYLOAD(tb[__i]) < cta_min[__i]){ \
__res = 1; \
break; \
} \
+ } \
__res; \
})
More information about the netfilter-devel
mailing list