kernel: add linux 4.4 support

[openwrt.git] / target / linux / generic / patches-4.4 / 612-netfilter_match_reduce_memory_access.patch

diff --git a/target/linux/generic/patches-4.4/612-netfilter_match_reduce_memory_access.patch b/target/linux/generic/patches-4.4/612-netfilter_match_reduce_memory_access.patch
new file mode 100644 (file)
index 0000000..72172d8
--- /dev/null
+++ b/target/linux/generic/patches-4.4/612-netfilter_match_reduce_memory_access.patch
@@ -0,0 +1,16 @@
+--- a/net/ipv4/netfilter/ip_tables.c
++++ b/net/ipv4/netfilter/ip_tables.c
+@@ -85,9 +85,11 @@ ip_packet_match(const struct iphdr *ip,
+       if (ipinfo->flags & IPT_F_NO_DEF_MATCH)
+               return true;
+ 
+-      if (FWINV((ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
++      if (FWINV(ipinfo->smsk.s_addr &&
++                (ip->saddr&ipinfo->smsk.s_addr) != ipinfo->src.s_addr,
+                 IPT_INV_SRCIP) ||
+-          FWINV((ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
++          FWINV(ipinfo->dmsk.s_addr &&
++                (ip->daddr&ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr,
+                 IPT_INV_DSTIP)) {
+               dprintf("Source or dest mismatch.\n");
+