From: Ting-Wei Lan
Date: Fri, 20 Jun 2014 10:27:00 +0000 (+0800)
Subject: extra: fix wrong implementation in nfq_udp_get_payload
X-Git-Tag: upstream/1.0.2~7
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7769fced8113eb297e161b559af5535280003f2e;p=platform%2Fupstream%2Flibnetfilter_queue.git

extra: fix wrong implementation in nfq_udp_get_payload

Signed-off-by: Pablo Neira Ayuso
---
diff --git a/src/extra/udp.c b/src/extra/udp.c
index eee732e..6e6baed 100644
--- a/src/extra/udp.c
+++ b/src/extra/udp.c
@@ -56,13 +56,17 @@ EXPORT_SYMBOL(nfq_udp_get_hdr);
 */
 void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb)
 {
- unsigned int doff = udph->len;
+ uint16_t len = ntohs(udph->len);
 
- /* malformed UDP data offset. */
- if (pktb->transport_header + doff > pktb->tail)
+ /* the UDP packet is too short. */
+ if (len < sizeof(struct udphdr))
 return NULL;
 
- return pktb->transport_header + doff;
+ /* malformed UDP packet. */
+ if (pktb->transport_header + len > pktb->tail)
+ return NULL;
+
+ return pktb->transport_header + sizeof(struct udphdr);
 }
 EXPORT_SYMBOL(nfq_udp_get_payload);
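Review bot: The bounds check `pktb->transport_header + len > pktb->tail` in nfq_udp_get_payload builds a pointer from a packet-supplied length before comparing it, and forming a pointer more than one past the end of the buffer is undefined behaviour, so a compiler is not obliged to keep the test meaningful. Comparing lengths avoids that: `if (len > pktb->tail - pktb->transport_header) return NULL;` (this assumes both fields are byte pointers into the same buffer with tail not below transport_header, which the hunk does not show). The function also reads `udph->len` but measures from `pktb->transport_header`, so it relies on `udph` being that header and on its 8 bytes having been validated already; I would state that above the first check, e.g. `/* udph must be the header nfq_udp_get_hdr() returned for this pktb. */`. A length of exactly sizeof(struct udphdr) passes both checks and yields a non-NULL pointer to an empty payload, which the doc comment that ends just above the hunk should mention so callers do not dereference it without checking the payload length.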