leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netfilter: ip6t_ipv6header: fix match on packets ending with NEXTHDR_NONE

Browse Source 
As packets ending with NEXTHDR_NONE don't have a last extension header,
the check for the length needs to be after the check for NEXTHDR_NONE.

Signed-off-by: Christoph Paasch <christoph.paasch@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
Christoph Paasch 2009-05-05 15:32:16 +02:00 committed by Patrick McHardy
parent a7ca7fccac
commit b98b4947cb
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
net/ipv6/netfilter/ip6t_ipv6header.c
View File

@ -50,14 +50,14 @@ ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
struct ipv6_opt_hdr _hdr; struct ipv6_opt_hdr _hdr;
int hdrlen; int hdrlen;
/* Is there enough space for the next ext header? */
if (len < (int)sizeof(struct ipv6_opt_hdr))
return false;
/* No more exthdr -> evaluate */ /* No more exthdr -> evaluate */
if (nexthdr == NEXTHDR_NONE) { if (nexthdr == NEXTHDR_NONE) {
temp |= MASK_NONE; temp |= MASK_NONE;
break; break;
} }
/* Is there enough space for the next ext header? */
if (len < (int)sizeof(struct ipv6_opt_hdr))
return false;
/* ESP -> evaluate */ /* ESP -> evaluate */
if (nexthdr == NEXTHDR_ESP) { if (nexthdr == NEXTHDR_ESP) {
temp |= MASK_ESP; temp |= MASK_ESP;