diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-08 12:13:57 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:52 +0100 |
| commit | 6cd426bc7593ecf04a02c901d94e04093bdf69e4 (patch) | |
| tree | 0ea7a510623f5debe46772178f545b75eae21bbc /extensions/libip6t_SNAT.c | |
| parent | 5f6e384ac2a3d7b647a909654a3bdee1c0bcb3eb (diff) | |
nft: fix bad length when comparing extension data area
Use ->userspacesize to compare the extension data area, otherwise
we also compare the internal private pointers which are only
meaningful to the kernelspace.
This fixes:
xtables -4 -D INPUT -m connlimit \
--connlimit-above 10 --connlimit-mask 32 --connlimit-daddr
But it also fixes many other matches/targets which use internal
private data.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libip6t_SNAT.c')
0 files changed, 0 insertions, 0 deletions