source: trunk/target/linux/generic/patches-3.1/612-netfilter_match_reduce_memory_access.patch @ 28734

Last change on this file since 28734 was 28734, checked in by nbd, 5 years ago

kernel: merge regression fixes for the netfilter patches to the 3.1 kernel patches (patch by tripolar)

File size: 607 bytes
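--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -84,9 +84,11 @@ ip_packet_match(const struct iphdr *ip,
         if (ipinfo->flags & IPT_F_NO_DEF_MATCH)
                 return true;
 
-        if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
+        if (FWINV(ipinfo->smsk.s_addr &&
+                  (ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
                   IPT_INV_SRCIP) ||
-            FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
+            FWINV(ipinfo->dmsk.s_addr &&
+                  (ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
                   IPT_INV_DSTIP)) {
                 dprintf("Source or dest mismatch.\n");
 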
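Review bot: The added `ipinfo->smsk.s_addr &&` and `ipinfo->dmsk.s_addr &&` short-circuits give the same result as the old comparison only if a rule with a zero mask also stores a zero address. With a zero mask and a non-zero `src.s_addr` or `dst.s_addr`, the old expression reported a mismatch for every packet, while the new one reports a match, so such a rule changes from matching nothing to matching everything. Nothing in this hunk shows that rules loaded from userspace are checked for `(addr & ~mask) == 0`, so that invariant should either be enforced where entries are validated or be stated next to the test, for example `/* zero mask is a wildcard; relies on src/dst being stored pre-masked */`. The body of ip_packet_match and the FWINV definition lie outside the hunk, so the inverted-flag case could not be checked here beyond what these lines show.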