From dbe08ae3b153d9e8d728abe0df21cfff8e164a00 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 17 Dec 2007 21:47:14 -0800 Subject: [PATCH] --- yaml --- r: 78499 b: refs/heads/master c: 30c08c41be75145b8850ea14b2d5ee4ee4b705d8 h: refs/heads/master i: 78497: ade33e903db5ec7ea637ef268efe6446aa7d83f6 78495: de5f445cd34ac7b7b8e2c8f39159bdf0f5756808 v: v3 --- [refs] | 2 +- trunk/net/ipv4/netfilter/ip_tables.c | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/[refs] b/[refs] index 07881d6d963a..848f6f2a93de 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 89c002d66aafab93814b38d8dae43fa50aec390a +refs/heads/master: 30c08c41be75145b8850ea14b2d5ee4ee4b705d8 diff --git a/trunk/net/ipv4/netfilter/ip_tables.c b/trunk/net/ipv4/netfilter/ip_tables.c index 4586af397ef4..cc896fe2fd92 100644 --- a/trunk/net/ipv4/netfilter/ip_tables.c +++ b/trunk/net/ipv4/netfilter/ip_tables.c @@ -1098,7 +1098,7 @@ static int compat_calc_entry(struct ipt_entry *e, unsigned int entry_offset; int off, i, ret; - off = 0; + off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); entry_offset = (void *)e - base; IPT_MATCH_ITERATE(e, compat_calc_match, &off); t = ipt_get_target(e); @@ -1501,6 +1501,8 @@ compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr, goto out; *dstptr += sizeof(struct compat_ipt_entry); + *size -= sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); + ret = IPT_MATCH_ITERATE(e, xt_compat_match_to_user, dstptr, size); target_offset = e->target_offset - (origsize - *size); if (ret) @@ -1605,7 +1607,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e, if (ret) return ret; - off = 0; + off = sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); entry_offset = (void *)e - (void *)base; j = 0; ret = IPT_MATCH_ITERATE(e, compat_find_calc_match, name, &e->ip, @@ -1671,6 +1673,8 @@ compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr, memcpy(de, e, sizeof(struct ipt_entry)); *dstptr += sizeof(struct compat_ipt_entry); + *size += sizeof(struct ipt_entry) - sizeof(struct compat_ipt_entry); + ret = IPT_MATCH_ITERATE(e, xt_compat_match_from_user, dstptr, size); if (ret) return ret;