aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Graf <tgraf@suug.ch>2006-03-07 17:56:12 -0500
committerDavid S. Miller <davem@davemloft.net>2006-03-07 17:56:12 -0500
commit850a9a4e3c019ce67e3bc29c810ac213ec4c169e (patch)
treee5ecac1ef9c88cdfabea26de440158b526afbe8a
parentd0b004840bd3b5ff2f2a0ad14fa0bd43349f5175 (diff)
[NETFILTER] ip_queue: Fix wrong skb->len == nlmsg_len assumption
The size of the skb carrying the netlink message is not equivalent to the length of the actual netlink message due to padding. ip_queue matches the length of the payload against the original packet size to determine if packet mangling is desired, due to the above wrong assumption arbitary packets may not be mangled depening on their original size. Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/netfilter/ip_queue.c2
-rw-r--r--net/ipv6/netfilter/ip6_queue.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 36339eb39e17..08f80e2ea2aa 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -524,7 +524,7 @@ ipq_rcv_skb(struct sk_buff *skb)
524 write_unlock_bh(&queue_lock); 524 write_unlock_bh(&queue_lock);
525 525
526 status = ipq_receive_peer(NLMSG_DATA(nlh), type, 526 status = ipq_receive_peer(NLMSG_DATA(nlh), type,
527 skblen - NLMSG_LENGTH(0)); 527 nlmsglen - NLMSG_LENGTH(0));
528 if (status < 0) 528 if (status < 0)
529 RCV_SKB_FAIL(status); 529 RCV_SKB_FAIL(status);
530 530
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 5027bbe6415e..af0635084df8 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -522,7 +522,7 @@ ipq_rcv_skb(struct sk_buff *skb)
522 write_unlock_bh(&queue_lock); 522 write_unlock_bh(&queue_lock);
523 523
524 status = ipq_receive_peer(NLMSG_DATA(nlh), type, 524 status = ipq_receive_peer(NLMSG_DATA(nlh), type,
525 skblen - NLMSG_LENGTH(0)); 525 nlmsglen - NLMSG_LENGTH(0));
526 if (status < 0) 526 if (status < 0)
527 RCV_SKB_FAIL(status); 527 RCV_SKB_FAIL(status);
528 528