ipv4: Put proper checks into icmp_socket_deliver().

All handler->err() routines expect that we've done a pskb_may_pull() test to make sure that IP header length + 8 bytes can be safely pulled. Reported-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2012-07-12 11:06:04 -0400
committer: David S. Miller <davem@davemloft.net> 2012-07-12 11:06:04 -0400
commit: f0a70e902f483295a8b6d74ef4393bc577b703d7 (patch)
tree: 900ea41b4306d7bdca7e1ff6db23e36e889a6073 /net/ipv4/icmp.c
parent: 065f5f9749202cf91dae6f39ad7e9fe8801023b5 (diff)
1 files changed, 6 insertions, 6 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index d01aeb4d492e..ea3a996de95b 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -640,6 +640,12 @@ static void icmp_socket_deliver(struct sk_buff *skb, u32 info)
        const struct net_protocol *ipprot;
        int protocol = iph->protocol;
+        /* Checkin full IP header plus 8 bytes of protocol to
+         * avoid additional coding at protocol handlers.
+         */
+        if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
+                return;
        raw_icmp_error(skb, protocol, info);
        rcu_read_lock();
@@ -733,12 +739,6 @@ static void icmp_unreach(struct sk_buff *skb)
                goto out;
        }
-        /* Checkin full IP header plus 8 bytes of protocol to
-         * avoid additional coding at protocol handlers.
-         */
-        if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
-                goto out;
        icmp_socket_deliver(skb, info);
 out:
author	David S. Miller <davem@davemloft.net>	2012-07-12 11:06:04 -0400
committer	David S. Miller <davem@davemloft.net>	2012-07-12 11:06:04 -0400
commit	f0a70e902f483295a8b6d74ef4393bc577b703d7 (patch)
tree	900ea41b4306d7bdca7e1ff6db23e36e889a6073 /net/ipv4/icmp.c
parent	065f5f9749202cf91dae6f39ad7e9fe8801023b5 (diff)