extra: fix wrong implementation in nfq_udp_get_payload

author Ting-Wei Lan <lantw44@gmail.com>

Fri, 20 Jun 2014 10:27:00 +0000 (18:27 +0800)

committer r.kubiak <r.kubiak@samsung.com>

Mon, 16 Nov 2015 13:12:07 +0000 (14:12 +0100)
author Ting-Wei Lan <lantw44@gmail.com>
Fri, 20 Jun 2014 10:27:00 +0000 (18:27 +0800)
committer r.kubiak <r.kubiak@samsung.com>
Mon, 16 Nov 2015 13:12:07 +0000 (14:12 +0100)
diff --git a/src/extra/udp.c b/src/extra/udp.c

index eee732e..6e6baed 100644 (file)
--- a/src/extra/udp.c
+++ b/src/extra/udp.c
@@ -56,13 +56,17 @@ EXPORT_SYMBOL(nfq_udp_get_hdr);
   */
  void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb)
  {
-       unsigned int doff = udph->len;
+       uint16_t len = ntohs(udph->len);
  
-       /* malformed UDP data offset. */
-       if (pktb->transport_header + doff > pktb->tail)
+       /* the UDP packet is too short. */
+       if (len < sizeof(struct udphdr))
                 return NULL;
  
-       return pktb->transport_header + doff;
+       /* malformed UDP packet. */
+       if (pktb->transport_header + len > pktb->tail)
+               return NULL;
+
+       return pktb->transport_header + sizeof(struct udphdr);
  }
  EXPORT_SYMBOL(nfq_udp_get_payload);
author	Ting-Wei Lan <lantw44@gmail.com>
	Fri, 20 Jun 2014 10:27:00 +0000 (18:27 +0800)
committer	r.kubiak <r.kubiak@samsung.com>
	Mon, 16 Nov 2015 13:12:07 +0000 (14:12 +0100)