Commit d1613c91 authored by Martin Josefsson's avatar Martin Josefsson Committed by Patrick McHardy

[NETFILTER]: Fix SNAT/DNAT target size checks

This patch fixes two size checks in the checkentry() for SNAT and DNAT
targets. The patch to remove support for multiple ranges forgot to use
IPT_ALIGN(). This isn't a problem on x86 but other archs like parisc
are affected and thus can't add any SNAT/DNAT rules.
Signed-off-by: default avatarMartin Josefsson <gandalf@wlug.westbo.se>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 79476f70
...@@ -181,7 +181,7 @@ static int ipt_snat_checkentry(const char *tablename, ...@@ -181,7 +181,7 @@ static int ipt_snat_checkentry(const char *tablename,
return 0; return 0;
} }
if (targinfosize != sizeof(struct ip_nat_multi_range_compat)) { if (targinfosize != IPT_ALIGN(sizeof(struct ip_nat_multi_range_compat))) {
DEBUGP("SNAT: Target size %u wrong for %u ranges\n", DEBUGP("SNAT: Target size %u wrong for %u ranges\n",
targinfosize, mr->rangesize); targinfosize, mr->rangesize);
return 0; return 0;
...@@ -214,7 +214,7 @@ static int ipt_dnat_checkentry(const char *tablename, ...@@ -214,7 +214,7 @@ static int ipt_dnat_checkentry(const char *tablename,
return 0; return 0;
} }
if (targinfosize != sizeof(struct ip_nat_multi_range_compat)) { if (targinfosize != IPT_ALIGN(sizeof(struct ip_nat_multi_range_compat))) {
DEBUGP("DNAT: Target size %u wrong for %u ranges\n", DEBUGP("DNAT: Target size %u wrong for %u ranges\n",
targinfosize, mr->rangesize); targinfosize, mr->rangesize);
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment