[patch 07/23] [PATCH] [NETFILTER] PPTP helper: Fix endianness bug in GRE key / CallID NAT

From: Chris Wright
Date: Tue Nov 22 2005 - 16:08:30 EST

Next message: Chris Wright: "[patch 08/23] [PATCH] [NETFILTER] NAT: Fix module refcount dropping too far"
Previous message: Chris Wright: "[patch 00/23] -stable review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-stable review patch. If anyone has any objections, please let us know.
------------------

This endianness bug slipped through while changing the 'gre.key' field in
the conntrack tuple from 32bit to 16bit.

None of my tests caught the problem, since the linux pptp client always has
'0' as call id / gre key. Only windows clients actually trigger the bug.

Signed-off-by: Harald Welte <laforge@xxxxxxxxxxxxx>
Signed-off-by: Chris Wright <chrisw@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
---
net/ipv4/netfilter/ip_nat_proto_gre.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- linux-2.6.14.2.orig/net/ipv4/netfilter/ip_nat_proto_gre.c
+++ linux-2.6.14.2/net/ipv4/netfilter/ip_nat_proto_gre.c
@@ -139,8 +139,8 @@ gre_manip_pkt(struct sk_buff **pskb,
break;
case GRE_VERSION_PPTP:
DEBUGP("call_id -> 0x%04x\n",
- ntohl(tuple->dst.u.gre.key));
- pgreh->call_id = htons(ntohl(tuple->dst.u.gre.key));
+ ntohs(tuple->dst.u.gre.key));
+ pgreh->call_id = tuple->dst.u.gre.key;
break;
default:
DEBUGP("can't nat unknown GRE version\n");

--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "[patch 08/23] [PATCH] [NETFILTER] NAT: Fix module refcount dropping too far"
Previous message: Chris Wright: "[patch 00/23] -stable review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]