aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorThomas Jacob <jacob@internet24.de>2011-01-24 15:35:36 -0500
committerPatrick McHardy <kaber@trash.net>2011-01-24 15:35:36 -0500
commit08b5194b5d6485d12ebf24cf6ee389fc55691122 (patch)
treebda499516fd0fc9c045a17b9e14251acd84ae330 /net
parentc71caf4114a0e1da3451cc92fba6a152929cd4c2 (diff)
netfilter: xt_iprange: Incorrect xt_iprange boundary check for IPv6
iprange_ipv6_sub was substracting 2 unsigned ints and then casting the result to int to find out whether they are lt, eq or gt each other, this doesn't work if the full 32 bits of each part can be used in IPv6 addresses. Patch should remedy that without significant performance penalties. Also number of ntohl calls can be reduced this way (Jozsef Kadlecsik). Signed-off-by: Thomas Jacob <jacob@internet24.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/xt_iprange.c16
1 files changed, 7 insertions, 9 deletions
diff --git a/net/netfilter/xt_iprange.c b/net/netfilter/xt_iprange.c
index 88f7c3511c72..73c33a42f87f 100644
--- a/net/netfilter/xt_iprange.c
+++ b/net/netfilter/xt_iprange.c
@@ -53,15 +53,13 @@ iprange_mt4(const struct sk_buff *skb, struct xt_action_param *par)
53} 53}
54 54
55static inline int 55static inline int
56iprange_ipv6_sub(const struct in6_addr *a, const struct in6_addr *b) 56iprange_ipv6_lt(const struct in6_addr *a, const struct in6_addr *b)
57{ 57{
58 unsigned int i; 58 unsigned int i;
59 int r;
60 59
61 for (i = 0; i < 4; ++i) { 60 for (i = 0; i < 4; ++i) {
62 r = ntohl(a->s6_addr32[i]) - ntohl(b->s6_addr32[i]); 61 if (a->s6_addr32[i] != b->s6_addr32[i])
63 if (r != 0) 62 return ntohl(a->s6_addr32[i]) < ntohl(b->s6_addr32[i]);
64 return r;
65 } 63 }
66 64
67 return 0; 65 return 0;
@@ -75,15 +73,15 @@ iprange_mt6(const struct sk_buff *skb, struct xt_action_param *par)
75 bool m; 73 bool m;
76 74
77 if (info->flags & IPRANGE_SRC) { 75 if (info->flags & IPRANGE_SRC) {
78 m = iprange_ipv6_sub(&iph->saddr, &info->src_min.in6) < 0; 76 m = iprange_ipv6_lt(&iph->saddr, &info->src_min.in6);
79 m |= iprange_ipv6_sub(&iph->saddr, &info->src_max.in6) > 0; 77 m |= iprange_ipv6_lt(&info->src_max.in6, &iph->saddr);
80 m ^= !!(info->flags & IPRANGE_SRC_INV); 78 m ^= !!(info->flags & IPRANGE_SRC_INV);
81 if (m) 79 if (m)
82 return false; 80 return false;
83 } 81 }
84 if (info->flags & IPRANGE_DST) { 82 if (info->flags & IPRANGE_DST) {
85 m = iprange_ipv6_sub(&iph->daddr, &info->dst_min.in6) < 0; 83 m = iprange_ipv6_lt(&iph->daddr, &info->dst_min.in6);
86 m |= iprange_ipv6_sub(&iph->daddr, &info->dst_max.in6) > 0; 84 m |= iprange_ipv6_lt(&info->dst_max.in6, &iph->daddr);
87 m ^= !!(info->flags & IPRANGE_DST_INV); 85 m ^= !!(info->flags & IPRANGE_DST_INV);
88 if (m) 86 if (m)
89 return false; 87 return false;