diff options
| author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-02-05 14:10:29 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-02-05 14:10:29 -0500 |
| commit | 98bd0c07b60e029cf53eb76c027c27548dd66e9b (patch) | |
| tree | 8542c44cc8d1f05a533fb82e04173549196f112d /net/ipv6 | |
| parent | 5e375bc7d586e0df971734a5a5f1f080ffd89b68 (diff) | |
| parent | 7918d212df31fb7ddfb317c5a8dccdcec647d754 (diff) | |
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 7 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_policy.c | 7 |
2 files changed, 11 insertions, 3 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 847068fd3367..74ff56c322f4 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -978,6 +978,13 @@ do_replace(void __user *user, unsigned int len) | |||
| 978 | if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) | 978 | if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) |
| 979 | return -EFAULT; | 979 | return -EFAULT; |
| 980 | 980 | ||
| 981 | /* overflow check */ | ||
| 982 | if (tmp.size >= (INT_MAX - sizeof(struct xt_table_info)) / NR_CPUS - | ||
| 983 | SMP_CACHE_BYTES) | ||
| 984 | return -ENOMEM; | ||
| 985 | if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters)) | ||
| 986 | return -ENOMEM; | ||
| 987 | |||
| 981 | newinfo = xt_alloc_table_info(tmp.size); | 988 | newinfo = xt_alloc_table_info(tmp.size); |
| 982 | if (!newinfo) | 989 | if (!newinfo) |
| 983 | return -ENOMEM; | 990 | return -ENOMEM; |
diff --git a/net/ipv6/netfilter/ip6t_policy.c b/net/ipv6/netfilter/ip6t_policy.c index afe1cc4c18a5..3d39ec924041 100644 --- a/net/ipv6/netfilter/ip6t_policy.c +++ b/net/ipv6/netfilter/ip6t_policy.c | |||
| @@ -26,8 +26,9 @@ MODULE_LICENSE("GPL"); | |||
| 26 | static inline int | 26 | static inline int |
| 27 | match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e) | 27 | match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e) |
| 28 | { | 28 | { |
| 29 | #define MATCH_ADDR(x,y,z) (!e->match.x || \ | 29 | #define MATCH_ADDR(x,y,z) (!e->match.x || \ |
| 30 | ((ip6_masked_addrcmp((z), &e->x, &e->y)) == 0) ^ e->invert.x) | 30 | ((!ip6_masked_addrcmp(&e->x.a6, &e->y.a6, z)) \ |
| 31 | ^ e->invert.x)) | ||
| 31 | #define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x)) | 32 | #define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x)) |
| 32 | 33 | ||
| 33 | return MATCH_ADDR(saddr, smask, (struct in6_addr *)&x->props.saddr.a6) && | 34 | return MATCH_ADDR(saddr, smask, (struct in6_addr *)&x->props.saddr.a6) && |
| @@ -91,7 +92,7 @@ match_policy_out(const struct sk_buff *skb, const struct ip6t_policy_info *info) | |||
| 91 | return 0; | 92 | return 0; |
| 92 | } | 93 | } |
| 93 | 94 | ||
| 94 | return strict ? 1 : 0; | 95 | return strict ? i == info->len : 0; |
| 95 | } | 96 | } |
| 96 | 97 | ||
| 97 | static int match(const struct sk_buff *skb, | 98 | static int match(const struct sk_buff *skb, |