Merge branch 'master' of ../netdev/

author: David S. Miller <davem@davemloft.net> 2011-09-16 01:09:02 -0400
committer: David S. Miller <davem@davemloft.net> 2011-09-16 01:09:02 -0400
commit: 52b9aca7ae8726d1fb41b97dd1d243d107fef11b (patch)
tree: 7acee111840bd25183513e9bde08e939ffd57be8 /net/ipv4/netfilter/ip_queue.c
parent: 7756332f5b64c9c1535712b9679792e8bd4f0019 (diff)
parent: e2faeec2de9e2c73958e6ea6065dde1e8cd6f3a2 (diff)
1 files changed, 5 insertions, 7 deletions
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 5c9b9d963918..e59aabd0eae4 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -218,6 +218,7 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
 	return skb;
 
 nlmsg_failure:
+	kfree_skb(skb);
 	*errp = -EINVAL;
 	printk(KERN_ERR "ip_queue: error creating packet message\n");
 	return NULL;
@@ -313,7 +314,7 @@ ipq_set_verdict(struct ipq_verdict_msg *vmsg, unsigned int len)
 {
 	struct nf_queue_entry *entry;
 
-	if (vmsg->value > NF_MAX_VERDICT)
+	if (vmsg->value > NF_MAX_VERDICT || vmsg->value == NF_STOLEN)
 		return -EINVAL;
 
 	entry = ipq_find_dequeue_entry(vmsg->id);
@@ -358,12 +359,9 @@ ipq_receive_peer(struct ipq_peer_msg *pmsg,
 		break;
 
 	case IPQM_VERDICT:
-		if (pmsg->msg.verdict.value > NF_MAX_VERDICT)
-			status = -EINVAL;
-		else
-			status = ipq_set_verdict(&pmsg->msg.verdict,
-						 len - sizeof(*pmsg));
-			break;
+		status = ipq_set_verdict(&pmsg->msg.verdict,
+					 len - sizeof(*pmsg));
+		break;
 	default:
 		status = -EINVAL;
 	}
author	David S. Miller <davem@davemloft.net>	2011-09-16 01:09:02 -0400
committer	David S. Miller <davem@davemloft.net>	2011-09-16 01:09:02 -0400
commit	52b9aca7ae8726d1fb41b97dd1d243d107fef11b (patch)
tree	7acee111840bd25183513e9bde08e939ffd57be8 /net/ipv4/netfilter/ip_queue.c
parent	7756332f5b64c9c1535712b9679792e8bd4f0019 (diff)
parent	e2faeec2de9e2c73958e6ea6065dde1e8cd6f3a2 (diff)