git.ipfire.org Git - thirdparty/iptables.git/commit
nft: fix bad length when comparing extension data area
author: Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 8 Oct 2013 10:13:57 +0000 (12:13 +0200)
committer: Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 30 Dec 2013 22:50:52 +0000 (23:50 +0100)
commit: 6cd426bc7593ecf04a02c901d94e04093bdf69e4
tree: 0ea7a510623f5debe46772178f545b75eae21bbc
parent: 5f6e384ac2a3d7b647a909654a3bdee1c0bcb3eb

Use ->userspacesize to compare the extension data area, otherwise
we also compare the internal private pointers which are only
meaningful to the kernelspace.

This fixes:

xtables -4 -D INPUT -m connlimit \
--connlimit-above 10 --connlimit-mask 32 --connlimit-daddr

But it also fixes many other matches/targets which use internal
private data.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
iptables/nft-shared.c
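
The effect described in the commit message, as an added example that is not code from this commit or from iptables: a data area whose tail is a kernel-private pointer compares equal only when the comparison stops at the userspace part. The struct layouts, the names demo_info, demo_ext and demo_delete_finds_rule, and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical extension data area: user-visible fields first,
 * kernel-private pointer last (layout is an assumption). */
struct demo_info {
    uint32_t limit;
    uint32_t mask;
    void *kernel_private;      /* only meaningful to kernelspace */
};

/* Hypothetical descriptor carrying the two lengths the commit contrasts. */
struct demo_ext {
    size_t size;               /* whole data area, private part included */
    size_t userspacesize;      /* prefix that userspace fills in */
};

static const struct demo_ext demo_limit_ext = {
    .size = sizeof(struct demo_info),
    .userspacesize = offsetof(struct demo_info, kernel_private),
};

/* Returns 1 when the first len bytes of both data areas are identical. */
static int data_equal(const void *a, const void *b, size_t len)
{
    return memcmp(a, b, len) == 0;
}

/* Constructed scenario: the rule given on the command line for deletion
 * versus the same rule as read back with its private pointer populated. */
int demo_delete_finds_rule(int use_userspacesize)
{
    struct demo_info wanted, dumped;

    memset(&wanted, 0, sizeof(wanted));
    memset(&dumped, 0, sizeof(dumped));
    wanted.limit = dumped.limit = 10;
    wanted.mask = dumped.mask = 32;
    dumped.kernel_private = &dumped;   /* constructed non-NULL value */

    return data_equal(&wanted, &dumped, use_userspacesize
                      ? demo_limit_ext.userspacesize : demo_limit_ext.size);
}

int main(void)
{
    printf("full size: %d\n", demo_delete_finds_rule(0));
    printf("userspacesize: %d\n", demo_delete_finds_rule(1));
    return 0;
}
```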