Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 49688c84 authored by David S. Miller's avatar David S. Miller
Browse files

[NETFILTER] arp_tables: Fix unaligned accesses. 



There are two device string comparison loops in arp_packet_match().
The first one goes byte-by-byte but the second one tries to be
clever and cast the string to a long and compare by longs.

The device name strings in the arp table entries are not guarenteed
to be aligned enough to make this value, so just use byte-by-byte
for both cases.

Based upon a report by <drraid@gmail.com>.

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 612f09e8

net/ipv4/netfilter/arp_tables.c

+3 −7
Original line number Diff line number Diff line
@@ -166,13 +166,9 @@ static inline int arp_packet_match(const struct arphdr *arphdr, 
		return 0;

	}



	for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {

		unsigned long odev;

		memcpy(&odev, outdev + i*sizeof(unsigned long),

		       sizeof(unsigned long));

		ret |= (odev

			^ ((const unsigned long *)arpinfo->outiface)[i])

			& ((const unsigned long *)arpinfo->outiface_mask)[i];

	for (i = 0, ret = 0; i < IFNAMSIZ; i++) {

		ret |= (outdev[i] ^ arpinfo->outiface[i])

			& arpinfo->outiface_mask[i];

	}



	if (FWINV(ret != 0, ARPT_INV_VIA_OUT)) {