Merge to Fedora kernel-2.6.18-1.2224_FC5 patched with stable patch-2.6.18.1-vs2.0...

[linux-2.6.git] / net / netfilter / xt_string.c

diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c
index 79d9ea6..275330f 100644 (file)
--- a/net/netfilter/xt_string.c
+++ b/net/netfilter/xt_string.c
@@ -30,14 +30,14 @@ static int match(const struct sk_buff *skb,
                 unsigned int protoff,
                 int *hotdrop)
 {
+       const struct xt_string_info *conf = matchinfo;
        struct ts_state state;
-       struct xt_string_info *conf = (struct xt_string_info *) matchinfo;
 
        memset(&state, 0, sizeof(struct ts_state));
 
        return (skb_find_text((struct sk_buff *)skb, conf->from_offset, 
                             conf->to_offset, conf->config, &state) 
-                            != UINT_MAX) && !conf->invert;
+                            != UINT_MAX) ^ conf->invert;
 }
 
 #define STRING_TEXT_PRIV(m) ((struct xt_string_info *) m)
@@ -55,7 +55,10 @@ static int checkentry(const char *tablename,
        /* Damn, can't handle this case properly with iptables... */
        if (conf->from_offset > conf->to_offset)
                return 0;
-
+       if (conf->algo[XT_STRING_MAX_ALGO_NAME_SIZE - 1] != '\0')
+               return 0;
+       if (conf->patlen > XT_STRING_MAX_PATTERN_SIZE)
+               return 0;
        ts_conf = textsearch_prepare(conf->algo, conf->pattern, conf->patlen,
                                     GFP_KERNEL, TS_AUTOLOAD);
        if (IS_ERR(ts_conf))