Attachment #23949 for bug #61016

View | Details | Raw Unified | Return to bug 61016
Collapse All | Expand All

Lines 71-77 Link Here

(-)linux-2.6.5.orig/net/ipv4/netfilter/ipt_LOG.c (-2 / +2 lines)
71	printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET);	71	printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET);
72		72
73	if ((info->logflags & IPT_LOG_IPOPT)	73	if ((info->logflags & IPT_LOG_IPOPT)
74	&& iph.ihl * 4 != sizeof(struct iphdr)) {	74	&& iph.ihl * 4 > sizeof(struct iphdr)) {
75	unsigned char opt[4 * 15 - sizeof(struct iphdr)];	75	unsigned char opt[4 * 15 - sizeof(struct iphdr)];
76	unsigned int i, optsize;	76	unsigned int i, optsize;
77		77
Lines 138-144 Link Here
138	printk("URGP=%u ", ntohs(tcph.urg_ptr));	138	printk("URGP=%u ", ntohs(tcph.urg_ptr));
139		139
140	if ((info->logflags & IPT_LOG_TCPOPT)	140	if ((info->logflags & IPT_LOG_TCPOPT)
141	&& tcph.doff * 4 != sizeof(struct tcphdr)) {	141	&& tcph.doff * 4 > sizeof(struct tcphdr)) {
142	unsigned char opt[4 * 15 - sizeof(struct tcphdr)];	142	unsigned char opt[4 * 15 - sizeof(struct tcphdr)];
143	unsigned int i, optsize;	143	unsigned int i, optsize;
144		144

Lines 188-194 Link Here

(-)linux-2.6.5.orig/net/ipv6/netfilter/ip6t_LOG.c (-1 / +1 lines)
188	printk("URGP=%u ", ntohs(tcph->urg_ptr));	188	printk("URGP=%u ", ntohs(tcph->urg_ptr));
189		189
190	if ((info->logflags & IP6T_LOG_TCPOPT)	190	if ((info->logflags & IP6T_LOG_TCPOPT)
191	&& tcph->doff * 4 != sizeof(struct tcphdr)) {	191	&& tcph->doff * 4 > sizeof(struct tcphdr)) {
192	unsigned int i;	192	unsigned int i;
193		193
194	/* Max length: 127 "OPT (" 1542chars ") " */	194	/* Max length: 127 "OPT (" 1542chars ") " */

Return to bug 61016