diff options
| author | Thomas Graf <tgraf@suug.ch> | 2006-03-07 17:56:12 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2006-03-07 17:56:12 -0500 |
| commit | 850a9a4e3c019ce67e3bc29c810ac213ec4c169e (patch) | |
| tree | e5ecac1ef9c88cdfabea26de440158b526afbe8a /net/ipv6 | |
| parent | d0b004840bd3b5ff2f2a0ad14fa0bd43349f5175 (diff) | |
[NETFILTER] ip_queue: Fix wrong skb->len == nlmsg_len assumption
The size of the skb carrying the netlink message is not
equivalent to the length of the actual netlink message
due to padding. ip_queue matches the length of the payload
against the original packet size to determine if packet
mangling is desired, due to the above wrong assumption
arbitary packets may not be mangled depening on their
original size.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_queue.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index 5027bbe6415e..af0635084df8 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c | |||
| @@ -522,7 +522,7 @@ ipq_rcv_skb(struct sk_buff *skb) | |||
| 522 | write_unlock_bh(&queue_lock); | 522 | write_unlock_bh(&queue_lock); |
| 523 | 523 | ||
| 524 | status = ipq_receive_peer(NLMSG_DATA(nlh), type, | 524 | status = ipq_receive_peer(NLMSG_DATA(nlh), type, |
| 525 | skblen - NLMSG_LENGTH(0)); | 525 | nlmsglen - NLMSG_LENGTH(0)); |
| 526 | if (status < 0) | 526 | if (status < 0) |
| 527 | RCV_SKB_FAIL(status); | 527 | RCV_SKB_FAIL(status); |
| 528 | 528 | ||