patch-2.4.25 linux-2.4.25/net/ipv4/netfilter/ip_tables.c
- Lines: 19
- Date:
2004-02-18 05:36:32.000000000 -0800
- Orig file:
linux-2.4.24/net/ipv4/netfilter/ip_tables.c
- Orig date:
2003-08-25 04:44:44.000000000 -0700
diff -urN linux-2.4.24/net/ipv4/netfilter/ip_tables.c linux-2.4.25/net/ipv4/netfilter/ip_tables.c
@@ -259,7 +259,7 @@
struct ipt_table *table,
void *userdata)
{
- static const char nulldevname[IFNAMSIZ] = { 0 };
+ static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))) = { 0 };
u_int16_t offset;
struct iphdr *ip;
void *protohdr;
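Review bot: The new `__attribute__((aligned(sizeof(long))))` on `nulldevname` has no comment saying why an all-zero name buffer needs long alignment, so a later cleanup could drop it as noise. If, as the attribute suggests, interface names are compared one `long` at a time further down in this function, say so at the declaration, e.g. `/* compared word-wise as unsigned long; must be long-aligned */`. This hunk only fixes the fallback buffer, so it is worth confirming that the real device names and the rule's interface and mask fields used in the same comparison carry the same alignment guarantee, and that `IFNAMSIZ` is a multiple of `sizeof(long)`. The function body starts and ends outside the hunk.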
@@ -1476,7 +1476,8 @@
duprintf("tcp_match: finding option\n");
/* If we don't have the whole header, drop packet. */
- if (tcp->doff * 4 > datalen) {
+ if (tcp->doff * 4 < sizeof(struct tcphdr) ||
+ tcp->doff * 4 > datalen) {
*hotdrop = 1;
return 0;
}
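Review bot: The comment above the check, `/* If we don't have the whole header, drop packet. */`, now describes only the second half of the condition, because the added lower bound rejects a data offset smaller than the fixed TCP header, which is a malformed packet rather than a truncated one. Suggest `/* Drop if doff is below the minimum header size or the header runs past the data we have. */`. The lower bound matters because any option-length arithmetic after this point (outside the hunk, presumably `doff * 4 - sizeof(struct tcphdr)`) would otherwise wrap to a very large unsigned value and the option scan could read past the packet data. The comparison mixes the int-promoted `tcp->doff * 4` with a `size_t`, which is safe here because `doff` is a 4-bit field and cannot be negative, but the type of `datalen` is not visible in the hunk and should be checked for the same signed/unsigned reason. The enclosing function starts and ends outside the hunk.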