netfilter: {nfnetlink,ip,ip6}_queue: fix skb_over_panic when enlarging packets

[net-next-2.6.git] / net / ipv4 / netfilter / ip_queue.c

diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 719be29f7506dc308b2743c98b9c17488bea037c..26a37cedcf2e3ab1ecb7620e02dd66be7754d961 100644 (file)
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -296,9 +296,8 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct nf_queue_entry *e)
                if (v->data_len > 0xFFFF)
                        return -EINVAL;
                if (diff > skb_tailroom(e->skb)) {
-                       nskb = skb_copy_expand(e->skb, 0,
-                                              diff - skb_tailroom(e->skb),
-                                              GFP_ATOMIC);
+                       nskb = skb_copy_expand(e->skb, skb_headroom(e->skb),
+                                              diff, GFP_ATOMIC);
                        if (!nskb) {
                                printk(KERN_WARNING "ip_queue: error "
                                      "in mangle, dropping packet\n");