summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@sunset.davemloft.net>2007-04-13 16:37:54 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2007-04-13 16:37:54 -0700
commit49688c843101ba6275756505e81af45ef50f87d7 (patch)
treee30c9d9424115282be11b1495b8bcf8a12a5885b
parent612f09e8495ba656032f89147ab999ef2be9c360 (diff)
downloadkernel-crypto-49688c843101ba6275756505e81af45ef50f87d7.tar.gz
kernel-crypto-49688c843101ba6275756505e81af45ef50f87d7.tar.xz
kernel-crypto-49688c843101ba6275756505e81af45ef50f87d7.zip
[NETFILTER] arp_tables: Fix unaligned accesses.
There are two device string comparison loops in arp_packet_match(). The first one goes byte-by-byte but the second one tries to be clever and cast the string to a long and compare by longs. The device name strings in the arp table entries are not guarenteed to be aligned enough to make this value, so just use byte-by-byte for both cases. Based upon a report by <drraid@gmail.com>. Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/netfilter/arp_tables.c10
1 files changed, 3 insertions, 7 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 5170f5c75f9..57b0221f9e2 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -166,13 +166,9 @@ static inline int arp_packet_match(const struct arphdr *arphdr,
return 0;
}
- for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
- unsigned long odev;
- memcpy(&odev, outdev + i*sizeof(unsigned long),
- sizeof(unsigned long));
- ret |= (odev
- ^ ((const unsigned long *)arpinfo->outiface)[i])
- & ((const unsigned long *)arpinfo->outiface_mask)[i];
+ for (i = 0, ret = 0; i < IFNAMSIZ; i++) {
+ ret |= (outdev[i] ^ arpinfo->outiface[i])
+ & arpinfo->outiface_mask[i];
}
if (FWINV(ret != 0, ARPT_INV_VIA_OUT)) {