kernel: update 3.14 to 3.14.30

[openwrt.git] / target / linux / generic / patches-3.14 / 612-netfilter_match_reduce_memory_access.patch

--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -85,9 +85,11 @@ ip_packet_match(const struct iphdr *ip,
        if (ipinfo->flags & IPT_F_NO_DEF_MATCH)
                return true;
 
-       if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
+       if (FWINV(ipinfo->smsk.s_addr &&
+                 (ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
                  IPT_INV_SRCIP) ||
-           FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
+           FWINV(ipinfo->dmsk.s_addr &&
+                 (ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
                  IPT_INV_DSTIP)) {
                dprintf("Source or dest mismatch.\n");