6 files changed, 13 insertions, 7 deletions
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 4420948a1bfe..807c021d64a2 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1978,7 +1978,7 @@ static int sf_setstate(struct ifmcaddr6 *pmc)
                        new_in = psf->sf_count[MCAST_INCLUDE] != 0;
                if (new_in) {
                        if (!psf->sf_oldin) {
-                                struct ip6_sf_list *prev = 0;
+                                struct ip6_sf_list *prev = NULL;
                                for (dpsf=pmc->mca_tomb; dpsf;
                                     dpsf=dpsf->sf_next) {
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 847068fd3367..74ff56c322f4 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -978,6 +978,13 @@ do_replace(void __user *user, unsigned int len)
        if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
                return -EFAULT;
+        /* overflow check */
+        if (tmp.size >= (INT_MAX - sizeof(struct xt_table_info)) / NR_CPUS -
+                        SMP_CACHE_BYTES)
+                return -ENOMEM;
+        if (tmp.num_counters >= INT_MAX / sizeof(struct xt_counters))
+                return -ENOMEM;
        newinfo = xt_alloc_table_info(tmp.size);
        if (!newinfo)
                return -ENOMEM;
diff --git a/net/ipv6/netfilter/ip6t_policy.c b/net/ipv6/netfilter/ip6t_policy.c
index afe1cc4c18a5..3d39ec924041 100644
--- a/net/ipv6/netfilter/ip6t_policy.c
+++ b/net/ipv6/netfilter/ip6t_policy.c
@@ -26,8 +26,9 @@ MODULE_LICENSE("GPL");
 static inline int
 match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e)
 {
-#define MATCH_ADDR(x,y,z)       (!e->match.x || \
+#define MATCH_ADDR(x,y,z)       (!e->match.x ||                                \
-                                 ((ip6_masked_addrcmp((z), &e->x, &e->y)) == 0) ^ e->invert.x)
+                                 ((!ip6_masked_addrcmp(&e->x.a6, &e->y.a6, z)) \
+                                  ^ e->invert.x))
 #define MATCH(x,y)              (!e->match.x || ((e->x == (y)) ^ e->invert.x))
        
        return MATCH_ADDR(saddr, smask, (struct in6_addr *)&x->props.saddr.a6) &&
@@ -91,7 +92,7 @@ match_policy_out(const struct sk_buff *skb, const struct ip6t_policy_info *info)
                        return 0;
        }
-        return strict ? 1 : 0;
+        return strict ? i == info->len : 0;
 }
 static int match(const struct sk_buff *skb,
diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c
index 50a13e75d70e..4238b1ed8860 100644
--- a/net/ipv6/proc.c
+++ b/net/ipv6/proc.c
@@ -38,7 +38,7 @@ static int fold_prot_inuse(struct proto *proto)
        int res = 0;
        int cpu;
-        for (cpu=0; cpu<NR_CPUS; cpu++)
+        for_each_cpu(cpu)
                res += proto->stats[cpu].inuse;
        return res;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 66f1d12ea578..738376cf0c51 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -35,7 +35,6 @@
 #include <linux/skbuff.h>
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
-#include <asm/bug.h>
 #include <net/ip.h>
 #include <net/sock.h>
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 69bd957380e7..91cce8b2d7a5 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -11,7 +11,6 @@
 * 
 */
-#include <asm/bug.h>
 #include <linux/compiler.h>
 #include <linux/config.h>
 #include <linux/netdevice.h>