ip(6)tables logging fixes - Fix check for length of tcp options in ipt_LOG.c and ip6t_LOG.c - Fix check for length of IP ptions in ipt_LOG.c Bug apparrently discovered and fixed by multiple parties at the same time, credits go to Yasuyuki Kozakai. Signed-off-by: Harald Welte diff -Nru --exclude .depend --exclude '*.o' --exclude '*.ko' --exclude '*.ver' --exclude '.*.flags' --exclude '*.orig' --exclude '*.rej' --exclude '*.cmd' --exclude '*.mod.c' --exclude '*~' linux-2.4.28-pre3-plain/net/ipv4/netfilter/ipt_LOG.c linux-2.4.28-pre3-logfix/net/ipv4/netfilter/ipt_LOG.c --- linux-2.4.28-pre3-plain/net/ipv4/netfilter/ipt_LOG.c 2003-11-28 19:26:21.000000000 +0100 +++ linux-2.4.28-pre3-logfix/net/ipv4/netfilter/ipt_LOG.c 2004-10-07 11:06:31.182277856 +0200 @@ -67,7 +67,7 @@ printk("FRAG:%u ", ntohs(iph->frag_off) & IP_OFFSET); if ((info->logflags & IPT_LOG_IPOPT) - && iph->ihl * 4 != sizeof(struct iphdr) + && iph->ihl * 4 > sizeof(struct iphdr) && iph->ihl * 4 >= datalen) { unsigned int i; @@ -126,7 +126,7 @@ printk("URGP=%u ", ntohs(tcph->urg_ptr)); if ((info->logflags & IPT_LOG_TCPOPT) - && tcph->doff * 4 != sizeof(struct tcphdr)) { + && tcph->doff * 4 > sizeof(struct tcphdr)) { unsigned int i; /* Max length: 127 "OPT (" 15*4*2chars ") " */ diff -Nru --exclude .depend --exclude '*.o' --exclude '*.ko' --exclude '*.ver' --exclude '.*.flags' --exclude '*.orig' --exclude '*.rej' --exclude '*.cmd' --exclude '*.mod.c' --exclude '*~' linux-2.4.28-pre3-plain/net/ipv6/netfilter/ip6t_LOG.c linux-2.4.28-pre3-logfix/net/ipv6/netfilter/ip6t_LOG.c --- linux-2.4.28-pre3-plain/net/ipv6/netfilter/ip6t_LOG.c 2004-10-07 11:04:38.061892149 +0200 +++ linux-2.4.28-pre3-logfix/net/ipv6/netfilter/ip6t_LOG.c 2004-10-07 11:05:03.484855598 +0200 @@ -189,7 +189,7 @@ printk("URGP=%u ", ntohs(tcph->urg_ptr)); if ((info->logflags & IP6T_LOG_TCPOPT) - && tcph->doff * 4 != sizeof(struct tcphdr)) { + && tcph->doff * 4 > sizeof(struct tcphdr)) { unsigned int i; /* Max length: 127 "OPT (" 15*4*2chars ") " */