summaryrefslogtreecommitdiffstats
path: root/include/net/netfilter
diff options
context:
space:
mode:
authorYasuyuki Kozakai2006-02-04 11:12:14 +0100
committerDavid S. Miller2006-02-05 08:51:17 +0100
commitddc8d029ac6813827849801bce2d8c8813070db6 (patch)
treef0ae3607018873a8ed3594b9d81f155aed75b906 /include/net/netfilter
parent[NETFILTER]: ctnetlink: add MODULE_ALIAS for expectation subsystem (diff)
downloadkernel-qcow2-linux-ddc8d029ac6813827849801bce2d8c8813070db6.tar.gz
kernel-qcow2-linux-ddc8d029ac6813827849801bce2d8c8813070db6.tar.xz
kernel-qcow2-linux-ddc8d029ac6813827849801bce2d8c8813070db6.zip
[NETFILTER]: nf_conntrack: check address family when finding protocol module
__nf_conntrack_{l3}proto_find() doesn't check the passed protocol family, then it's possible to touch out of the array which has only AF_MAX items. Spotted by Pablo Neira Ayuso. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/netfilter')
-rw-r--r--include/net/netfilter/nf_conntrack_l3proto.h15
1 files changed, 9 insertions, 6 deletions
diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h
index 67856eb93b43..dac43b15a5b0 100644
--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -88,12 +88,6 @@ extern struct nf_conntrack_l3proto *nf_ct_l3protos[AF_MAX];
extern int nf_conntrack_l3proto_register(struct nf_conntrack_l3proto *proto);
extern void nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto);
-static inline struct nf_conntrack_l3proto *
-__nf_ct_l3proto_find(u_int16_t l3proto)
-{
- return nf_ct_l3protos[l3proto];
-}
-
extern struct nf_conntrack_l3proto *
nf_ct_l3proto_find_get(u_int16_t l3proto);
@@ -103,4 +97,13 @@ extern void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p);
extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4;
extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6;
extern struct nf_conntrack_l3proto nf_conntrack_generic_l3proto;
+
+static inline struct nf_conntrack_l3proto *
+__nf_ct_l3proto_find(u_int16_t l3proto)
+{
+ if (unlikely(l3proto >= AF_MAX))
+ return &nf_conntrack_generic_l3proto;
+ return nf_ct_l3protos[l3proto];
+}
+
#endif /*_NF_CONNTRACK_L3PROTO_H*/