aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/net/cipso_ipv4.h4
-rw-r--r--net/ipv4/cipso_ipv4.c4
2 files changed, 8 insertions, 0 deletions
diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
index 3ebb168b9afc..a34b141f125f 100644
--- a/include/net/cipso_ipv4.h
+++ b/include/net/cipso_ipv4.h
@@ -309,6 +309,10 @@ static inline int cipso_v4_validate(const struct sk_buff *skb,
309 } 309 }
310 310
311 for (opt_iter = 6; opt_iter < opt_len;) { 311 for (opt_iter = 6; opt_iter < opt_len;) {
312 if (opt_iter + 1 == opt_len) {
313 err_offset = opt_iter;
314 goto out;
315 }
312 tag_len = opt[opt_iter + 1]; 316 tag_len = opt[opt_iter + 1];
313 if ((tag_len == 0) || (tag_len > (opt_len - opt_iter))) { 317 if ((tag_len == 0) || (tag_len > (opt_len - opt_iter))) {
314 err_offset = opt_iter + 1; 318 err_offset = opt_iter + 1;
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 72d6f056d863..ae206163c273 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -1587,6 +1587,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option)
1587 goto validate_return_locked; 1587 goto validate_return_locked;
1588 } 1588 }
1589 1589
1590 if (opt_iter + 1 == opt_len) {
1591 err_offset = opt_iter;
1592 goto validate_return_locked;
1593 }
1590 tag_len = tag[1]; 1594 tag_len = tag[1];
1591 if (tag_len > (opt_len - opt_iter)) { 1595 if (tag_len > (opt_len - opt_iter)) {
1592 err_offset = opt_iter + 1; 1596 err_offset = opt_iter + 1;
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-27 15:03:32 -0400