[NETFILTER]: Handle nonlinear skbs in ip_queue/ip6_queue

Signed-off-by: Patrick McHardy <kaber@trash.net>

[NETFILTER]: Handle nonlinear skbs in ip_queue/ip6_queue
Signed-off-by: Patrick McHardy <kaber@trash.net>
069fa23e · Patrick McHardy · 2d2ddfcd · 069fa23e · 069fa23e
Commit 069fa23e authored Nov 13, 2004 by Patrick McHardy
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

net/ipv4/netfilter/ip_queue.c net/ipv4/netfilter/ip_queue.c +4 -1

net/ipv6/netfilter/ip6_queue.c net/ipv6/netfilter/ip6_queue.c +4 -1

No files found.
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -257,7 +257,8 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
 	}
 	if (data_len)
-		memcpy(pmsg->payload, entry->skb->data, data_len);
+		if (skb_copy_bits(entry->skb, 0, pmsg->payload, data_len))
+			BUG();
 	nlh->nlmsg_len = skb->tail - old_tail;
 	return skb;
@@ -362,6 +363,8 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
 		}
 		skb_put(e->skb, diff);
 	}
+	if (!skb_ip_make_writable(&e->skb, v->data_len))
+		return -ENOMEM;
 	memcpy(e->skb->data, v->payload, v->data_len);
 	e->skb->nfcache |= NFC_ALTERED;

--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -262,7 +262,8 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
 	}
 	if (data_len)
-		memcpy(pmsg->payload, entry->skb->data, data_len);
+		if (skb_copy_bits(entry->skb, 0, pmsg->payload, data_len))
+			BUG();
 	nlh->nlmsg_len = skb->tail - old_tail;
 	return skb;
@@ -366,6 +367,8 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
 		}
 		skb_put(e->skb, diff);
 	}
+	if (!skb_ip_make_writable(&e->skb, v->data_len))
+		return -ENOMEM;
 	memcpy(e->skb->data, v->payload, v->data_len);
 	e->skb->nfcache |= NFC_ALTERED;