[NETFILTER] conntrack_netlink: Fix endian issue with status from userspace

When we send "status" from userspace, we forget to convert the endianness. This patch adds the reqired conversion. Thanks to Pablo Neira for discovering this. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Harald Welte <laforge@netfilter.org> 2005-10-10 23:52:51 -0400
committer: David S. Miller <davem@davemloft.net> 2005-10-10 23:52:51 -0400
commit: d000eaf7720cb12cd03cd3d55f71be44357d27a9 (patch)
tree: cbdb3e64a427adedf7f6ec4a75b338d1731bc9ee
parent: b3a91d037a2575040f9b6a483f60c407a3d80368 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index b08a432efcf8..eade2749915a 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -833,7 +833,8 @@ out:
 static inline int
 ctnetlink_change_status(struct ip_conntrack *ct, struct nfattr *cda[])
 {
-        unsigned long d, status = *(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]);
+        unsigned long d;
+        unsigned status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]));
        d = ct->status ^ status;
        if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING))
author	Harald Welte <laforge@netfilter.org>	2005-10-10 23:52:51 -0400
committer	David S. Miller <davem@davemloft.net>	2005-10-10 23:52:51 -0400
commit	d000eaf7720cb12cd03cd3d55f71be44357d27a9 (patch)
tree	cbdb3e64a427adedf7f6ec4a75b338d1731bc9ee
parent	b3a91d037a2575040f9b6a483f60c407a3d80368 (diff)

diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c index b08a432efcf8..eade2749915a 100644 --- a/net/ipv4/netfilter/ip_conntrack_netlink.c +++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -833,7 +833,8 @@ out:
833	static inline int	833	static inline int
834	ctnetlink_change_status(struct ip_conntrack ct, struct nfattr cda[])	834	ctnetlink_change_status(struct ip_conntrack ct, struct nfattr cda[])
835	{	835	{
836	unsigned long d, status = (u_int32_t )NFA_DATA(cda[CTA_STATUS-1]);	836	unsigned long d;
		837	unsigned status = ntohl((u_int32_t )NFA_DATA(cda[CTA_STATUS-1]));
837	d = ct->status ^ status;	838	d = ct->status ^ status;
838		839
839	if (d & (IPS_EXPECTED\|IPS_CONFIRMED\|IPS_DYING))	840	if (d & (IPS_EXPECTED\|IPS_CONFIRMED\|IPS_DYING))