netfilter: nf_conntrack_tcp: fix unaligned memory access in tcp_sack

[firefly-linux-kernel-4.4.55.git] / net / netfilter / nf_conntrack_proto_tcp.c

diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index a1edb9c1adee8625e5d81800c0fa8bb96ec483cc..56ac4ee77a1d8f273713adcd5d0747ee6125721b 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -15,6 +15,7 @@
 #include <linux/skbuff.h>
 #include <linux/ipv6.h>
 #include <net/ip6_checksum.h>
+#include <asm/unaligned.h>
 
 #include <net/tcp.h>
 
@@ -466,7 +467,7 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
                                for (i = 0;
                                     i < (opsize - TCPOLEN_SACK_BASE);
                                     i += TCPOLEN_SACK_PERBLOCK) {
-                                       tmp = ntohl(*((__be32 *)(ptr+i)+1));
+                                       tmp = get_unaligned_be32((__be32 *)(ptr+i)+1);
 
                                        if (after(tmp, *sack))
                                                *sack = tmp;
@@ -859,7 +860,7 @@ static int tcp_packet(struct nf_conn *ct,
                         */
                        if (nf_ct_kill(ct))
                                return -NF_REPEAT;
-                       return -NF_DROP;
+                       return NF_DROP;
                }
                /* Fall through */
        case TCP_CONNTRACK_IGNORE:
@@ -892,7 +893,7 @@ static int tcp_packet(struct nf_conn *ct,
                                nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
                                          "nf_ct_tcp: killing out of sync session ");
                        nf_ct_kill(ct);
-                       return -NF_DROP;
+                       return NF_DROP;
                }
                ct->proto.tcp.last_index = index;
                ct->proto.tcp.last_dir = dir;