diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/xt_TCPOPTSTRIP.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c index 1eb1a44bfd3d..b68fa191710f 100644 --- a/net/netfilter/xt_TCPOPTSTRIP.c +++ b/net/netfilter/xt_TCPOPTSTRIP.c | |||
| @@ -48,11 +48,13 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb, | |||
| 48 | return NF_DROP; | 48 | return NF_DROP; |
| 49 | 49 | ||
| 50 | len = skb->len - tcphoff; | 50 | len = skb->len - tcphoff; |
| 51 | if (len < (int)sizeof(struct tcphdr) || | 51 | if (len < (int)sizeof(struct tcphdr)) |
| 52 | tcp_hdr(skb)->doff * 4 > len) | ||
| 53 | return NF_DROP; | 52 | return NF_DROP; |
| 54 | 53 | ||
| 55 | tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); | 54 | tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); |
| 55 | if (tcph->doff * 4 > len) | ||
| 56 | return NF_DROP; | ||
| 57 | |||
| 56 | opt = (u_int8_t *)tcph; | 58 | opt = (u_int8_t *)tcph; |
| 57 | 59 | ||
| 58 | /* | 60 | /* |