X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=target%2Flinux%2Fgeneric%2Fpatches-3.1%2F610-netfilter_match_bypass_default_checks.patch;h=51c9e0999ba1b718e39b9e99726f12f2e1943859;hb=82bd0a43f1fbff02da4db38f91751919529944a4;hp=4760c8ad85e5c229f6d2df156461de7d9ddf60a2;hpb=44ba13b57890b62ecd30ba8a7ce2758e5b44ee89;p=oweals%2Fopenwrt.git

diff --git a/target/linux/generic/patches-3.1/610-netfilter_match_bypass_default_checks.patch b/target/linux/generic/patches-3.1/610-netfilter_match_bypass_default_checks.patch
index 4760c8ad85..51c9e0999b 100644
--- a/target/linux/generic/patches-3.1/610-netfilter_match_bypass_default_checks.patch
+++ b/target/linux/generic/patches-3.1/610-netfilter_match_bypass_default_checks.patch
@@ -20,7 +20,7 @@
  	if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
  		  IPT_INV_SRCIP) ||
  	    FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
-@@ -134,6 +137,26 @@ ip_packet_match(const struct iphdr *ip,
+@@ -134,6 +137,29 @@ ip_packet_match(const struct iphdr *ip,
  	return true;
  }
  
@@ -38,6 +38,9 @@
 +	if (memcmp(ip->outiface_mask, iface_mask, IFNAMSIZ) != 0)
 +		return;
 +
++	if (ip->smsk.s_addr || ip->dmsk.s_addr)
++		return;
++
 +	if (ip->proto)
 +		return;
 +
@@ -47,7 +50,7 @@
  static bool
  ip_checkentry(const struct ipt_ip *ip)
  {
-@@ -561,7 +584,7 @@ static void cleanup_match(struct xt_entr
+@@ -561,7 +587,7 @@ static void cleanup_match(struct xt_entr
  }
  
  static int
@@ -56,7 +59,7 @@
  {
  	const struct xt_entry_target *t;
  
-@@ -570,6 +593,8 @@ check_entry(const struct ipt_entry *e, c
+@@ -570,6 +596,8 @@ check_entry(const struct ipt_entry *e, c
  		return -EINVAL;
  	}
  
@@ -65,7 +68,7 @@
  	if (e->target_offset + sizeof(struct xt_entry_target) >
  	    e->next_offset)
  		return -EINVAL;
-@@ -931,6 +956,7 @@ copy_entries_to_user(unsigned int total_
+@@ -931,6 +959,7 @@ copy_entries_to_user(unsigned int total_
  	const struct xt_table_info *private = table->private;
  	int ret = 0;
  	const void *loc_cpu_entry;
@@ -73,7 +76,7 @@
  
  	counters = alloc_counters(table);
  	if (IS_ERR(counters))
-@@ -961,6 +987,14 @@ copy_entries_to_user(unsigned int total_
+@@ -961,6 +990,14 @@ copy_entries_to_user(unsigned int total_
  			ret = -EFAULT;
  			goto free_counters;
  		}