diff options
author | Christoph Paasch <christoph.paasch@gmail.com> | 2009-05-05 09:32:16 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2009-05-05 09:32:16 -0400 |
commit | b98b4947cb79d670fceca0e951c092eea93e9baa (patch) | |
tree | 4daddb336ddbab1e7ac7a6b10e68add36ab908ac | |
parent | a7ca7fccacc029958fd09985e7f3529b90ec791d (diff) |
netfilter: ip6t_ipv6header: fix match on packets ending with NEXTHDR_NONE
As packets ending with NEXTHDR_NONE don't have a last extension header,
the check for the length needs to be after the check for NEXTHDR_NONE.
Signed-off-by: Christoph Paasch <christoph.paasch@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | net/ipv6/netfilter/ip6t_ipv6header.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 14e6724d5672..91490ad9302c 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c | |||
@@ -50,14 +50,14 @@ ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | |||
50 | struct ipv6_opt_hdr _hdr; | 50 | struct ipv6_opt_hdr _hdr; |
51 | int hdrlen; | 51 | int hdrlen; |
52 | 52 | ||
53 | /* Is there enough space for the next ext header? */ | ||
54 | if (len < (int)sizeof(struct ipv6_opt_hdr)) | ||
55 | return false; | ||
56 | /* No more exthdr -> evaluate */ | 53 | /* No more exthdr -> evaluate */ |
57 | if (nexthdr == NEXTHDR_NONE) { | 54 | if (nexthdr == NEXTHDR_NONE) { |
58 | temp |= MASK_NONE; | 55 | temp |= MASK_NONE; |
59 | break; | 56 | break; |
60 | } | 57 | } |
58 | /* Is there enough space for the next ext header? */ | ||
59 | if (len < (int)sizeof(struct ipv6_opt_hdr)) | ||
60 | return false; | ||
61 | /* ESP -> evaluate */ | 61 | /* ESP -> evaluate */ |
62 | if (nexthdr == NEXTHDR_ESP) { | 62 | if (nexthdr == NEXTHDR_ESP) { |
63 | temp |= MASK_ESP; | 63 | temp |= MASK_ESP; |