Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit acab78b9 authored by Luís Fernando Cornachioni Estrozi's avatar Luís Fernando Cornachioni Estrozi Committed by Pablo Neira Ayuso
Browse files

netfilter: ebt_ip6: fix source and destination matching 



This bug was introduced on commit 0898f99a. This just recovers two
checks that existed before as suggested by Bart De Schuymer.

Signed-off-by: default avatarLuís Fernando Cornachioni Estrozi <lestrozi@uolinc.com>
Signed-off-by: default avatarBart De Schuymer <bdschuym@pandora.be>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 0c3c6c00

net/bridge/netfilter/ebt_ip6.c

+5 −3
Original line number Diff line number Diff line
@@ -48,10 +48,12 @@ ebt_ip6_mt(const struct sk_buff *skb, struct xt_action_param *par) 
	if (info->bitmask & EBT_IP6_TCLASS &&

	   FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS))

		return false;

	if (FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,

				       &info->saddr), EBT_IP6_SOURCE) ||

	if ((info->bitmask & EBT_IP6_SOURCE &&

	    FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,

				       &info->saddr), EBT_IP6_SOURCE)) ||

	    (info->bitmask & EBT_IP6_DEST &&

	    FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk,

				       &info->daddr), EBT_IP6_DEST))

				       &info->daddr), EBT_IP6_DEST)))

		return false;

	if (info->bitmask & EBT_IP6_PROTO) {

		uint8_t nexthdr = ih6->nexthdr;