diff options
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 750b06afd20..cf73cc70ed2 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -84,6 +84,14 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, | |||
84 | *dataoff = nhoff + (iph->ihl << 2); | 84 | *dataoff = nhoff + (iph->ihl << 2); |
85 | *protonum = iph->protocol; | 85 | *protonum = iph->protocol; |
86 | 86 | ||
87 | /* Check bogus IP headers */ | ||
88 | if (*dataoff > skb->len) { | ||
89 | pr_debug("nf_conntrack_ipv4: bogus IPv4 packet: " | ||
90 | "nhoff %u, ihl %u, skblen %u\n", | ||
91 | nhoff, iph->ihl << 2, skb->len); | ||
92 | return -NF_ACCEPT; | ||
93 | } | ||
94 | |||
87 | return NF_ACCEPT; | 95 | return NF_ACCEPT; |
88 | } | 96 | } |
89 | 97 | ||