[NETFILTER] arp_tables: Fix unaligned accesses.
There are two device string comparison loops in arp_packet_match(). The first one goes byte-by-byte but the second one tries to be clever and cast the string to a long and compare by longs. The device name strings in the arp table entries are not guarenteed to be aligned enough to make this value, so just use byte-by-byte for both cases. Based upon a report by <drraid@gmail.com>. Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
612f09e849
commit
49688c8431
@ -166,13 +166,9 @@ static inline int arp_packet_match(const struct arphdr *arphdr,
|
||||
return 0;
|
||||
}
|
||||
|
||||
for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
|
||||
unsigned long odev;
|
||||
memcpy(&odev, outdev + i*sizeof(unsigned long),
|
||||
sizeof(unsigned long));
|
||||
ret |= (odev
|
||||
^ ((const unsigned long *)arpinfo->outiface)[i])
|
||||
& ((const unsigned long *)arpinfo->outiface_mask)[i];
|
||||
for (i = 0, ret = 0; i < IFNAMSIZ; i++) {
|
||||
ret |= (outdev[i] ^ arpinfo->outiface[i])
|
||||
& arpinfo->outiface_mask[i];
|
||||
}
|
||||
|
||||
if (FWINV(ret != 0, ARPT_INV_VIA_OUT)) {
|
||||
|
Loading…
Reference in New Issue
Block a user