aboutsummaryrefslogtreecommitdiff
path: root/net/ipv4/netfilter/ipt_CONNMARK.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/netfilter/ipt_CONNMARK.c')
-rw-r--r--net/ipv4/netfilter/ipt_CONNMARK.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/ipt_CONNMARK.c b/net/ipv4/netfilter/ipt_CONNMARK.c
index 30ddd3e18eb..8ed744157b1 100644
--- a/net/ipv4/netfilter/ipt_CONNMARK.c
+++ b/net/ipv4/netfilter/ipt_CONNMARK.c
@@ -40,9 +40,9 @@ target(struct sk_buff **pskb,
void *userinfo)
{
const struct ipt_connmark_target_info *markinfo = targinfo;
- unsigned long diff;
- unsigned long nfmark;
- unsigned long newmark;
+ u_int32_t diff;
+ u_int32_t nfmark;
+ u_int32_t newmark;
enum ip_conntrack_info ctinfo;
struct ip_conntrack *ct = ip_conntrack_get((*pskb), &ctinfo);
@@ -94,6 +94,11 @@ checkentry(const char *tablename,
}
}
+ if (matchinfo->mark > 0xffffffff || matchinfo->mask > 0xffffffff) {
+ printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n");
+ return 0;
+ }
+
return 1;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-02 16:54:56 +0000