From 072d79a31a3b870b49886f4347e23f81b7eca3ac Mon Sep 17 00:00:00 2001
From: Changli Gao <xiaosuo@gmail.com>
Date: Thu, 29 Jul 2010 13:41:46 +0000
Subject: act_nat: fix wild pointer

pskb_may_pull() may change skb pointers, so adjust icmph after pskb_may_pull().

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 net/sched/act_nat.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'net/sched/act_nat.c')

diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 724553e8ed7b..ea008f57fc83 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -218,6 +218,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
 		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
 			goto drop;
 
+		icmph = (void *)(skb_network_header(skb) + ihl);
 		iph = (void *)(icmph + 1);
 		if (egress)
 			addr = iph->daddr;
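Review bot: the reload of icmph after the pskb_may_pull() call covers only that one pointer, so it is worth confirming that no other pointer into the packet data taken before this pull is dereferenced later in the ICMP branch. Here iph is rebuilt from the fresh icmph on the following line, which is fine, but the hunk does not show how ihl was obtained or whether an earlier header pointer is still live. A one-line comment above the new assignment, noting that pskb_may_pull() may reallocate the header, would also help: without it the line looks like a redundant recomputation and could be dropped in a later cleanup.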
-- 
cgit v1.2.3


From 3a3dfb062c2e086c202d34f09ce29634515ad256 Mon Sep 17 00:00:00 2001
From: Changli Gao <xiaosuo@gmail.com>
Date: Thu, 29 Jul 2010 14:04:18 +0000
Subject: act_nat: the checksum of ICMP doesn't have pseudo header

After updating the value of the ICMP payload, inet_proto_csum_replace4() should
be called with zero pseudohdr.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 net/sched/act_nat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'net/sched/act_nat.c')

diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index ea008f57fc83..abbf4fa66a0b 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -247,7 +247,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
 			iph->saddr = new_addr;
 
 		inet_proto_csum_replace4(&icmph->checksum, skb, addr, new_addr,
-					 1);
+					 0);
 		break;
 	}
 	default:
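Review bot: the last argument to inet_proto_csum_replace4() is still a bare literal sitting alone on a continuation line, which is how the wrong value went unnoticed in the first place. A short comment beside the 0, saying that the ICMP checksum does not cover a pseudo header, would make the intent checkable at the call site. The commit message would also be stronger if it said what goes wrong with the old value (which packets end up with a bad checksum), so that anyone backporting the fix can judge its impact.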
-- 
cgit v1.2.3