netfilter: Correct calculation using skb->tail and skb-network_header
authorSimon Horman <horms@verge.net.au>
Thu, 30 May 2013 16:39:29 +0000 (16:39 +0000)
committerDavid S. Miller <davem@davemloft.net>
Fri, 31 May 2013 23:38:25 +0000 (16:38 -0700)
This corrects an regression introduced by "net: Use 16bits for *_headers
fields of struct skbuff" when NET_SKBUFF_DATA_USES_OFFSET is not set. In
that case skb->tail will be a pointer whereas skb->network_header
will be an offset from head. This is corrected by using wrappers that
ensure that calculations are always made using pointers.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Reported-by: Chen Gang <gang.chen@asianux.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/netfilter/nf_nat_helper.c

index 5fea563afe30421ccfb5d1dcd294a055144623e0..85e20a9190816f348a845937b8a4fe470a917744 100644 (file)
@@ -104,7 +104,7 @@ static void mangle_contents(struct sk_buff *skb,
        /* move post-replacement */
        memmove(data + match_offset + rep_len,
                data + match_offset + match_len,
-               skb->tail - (skb->network_header + dataoff +
+               skb_tail_pointer(skb) - (skb_network_header(skb) + dataoff +
                             match_offset + match_len));
 
        /* insert data from buffer */