X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fipt_esp.c;h=e1d0dd31e11740a9ed4578bfdfc11471dadbb860;hb=c7b5ebbddf7bcd3651947760f423e3783bbe6573;hp=c3b889378844cfa0dabc136cc6defa993a45ab96;hpb=a2c21200f1c81b08cb55e417b68150bba439b646;p=linux-2.6.git
diff --git a/net/ipv4/netfilter/ipt_esp.c b/net/ipv4/netfilter/ipt_esp.c
index c3b889378..e1d0dd31e 100644
--- a/net/ipv4/netfilter/ipt_esp.c
+++ b/net/ipv4/netfilter/ipt_esp.c
@@ -44,23 +44,26 @@ match(const struct sk_buff *skb,
 int offset,
 int *hotdrop)
 {
- struct ip_esp_hdr esp;
+ struct ip_esp_hdr _esp, *eh;
 const struct ipt_esp *espinfo = matchinfo;
 /* Must not be a fragment. */
 if (offset)
 return 0;
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &esp, sizeof(esp)) < 0) {
+ eh = skb_header_pointer(skb, skb->nh.iph->ihl * 4,
+ sizeof(_esp), &_esp);
+ if (eh == NULL) {
 /* We've been asked to examine this packet, and we
- can't. Hence, no choice but to drop. */
+ * can't. Hence, no choice but to drop.
+ */
 duprintf("Dropping evil ESP tinygram.\n");
 *hotdrop = 1;
 return 0;
 }
 return spi_match(espinfo->spis[0], espinfo->spis[1],
- ntohl(esp.spi),
+ ntohl(eh->spi),
 !!(espinfo->invflags & IPT_ESP_INV_SPI));
 }
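Review bot: `eh` is declared as a plain `struct ip_esp_hdr *` even though the match only reads `eh->spi`, and the pointer returned by `skb_header_pointer()` can refer directly to the packet's own data rather than to the `_esp` stack copy. Declaring it read-only, as `struct ip_esp_hdr _esp;` and `const struct ip_esp_hdr *eh;`, lets the compiler reject any later write through it, which fits a match function that receives `skb` as `const`. The truncated-header path still fails closed by setting `*hotdrop = 1`, and that behaviour should be kept. The parameter list of `match()` begins outside the hunk, so whatever validates `ihl` before it is used as the offset is not visible here.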