diff options
author | Christoph Paasch <christoph.paasch@gmail.com> | 2009-03-16 10:52:11 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2009-03-16 10:52:11 -0400 |
commit | d1238d5337e8e53cddea77c2a26d26b6eb5a982f (patch) | |
tree | 89f8cf58ffbd7f20665f88954df5ec4136b8d73b /net | |
parent | ec8d540969da9a70790e9028d57b5b577dd7aa77 (diff) |
netfilter: conntrack: check for NEXTHDR_NONE before header sanity checking
NEXTHDR_NONE doesn't has an IPv6 option header, so the first check
for the length will always fail and results in a confusing message
"too short" if debugging enabled. With this patch, we check for
NEXTHDR_NONE before length sanity checkings are done.
Signed-off-by: Christoph Paasch <christoph.paasch@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index ed4d79a9e4a6..058a5e4a60c3 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c | |||
@@ -528,14 +528,14 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff) | |||
528 | if (!ipv6_ext_hdr(nexthdr)) { | 528 | if (!ipv6_ext_hdr(nexthdr)) { |
529 | return -1; | 529 | return -1; |
530 | } | 530 | } |
531 | if (len < (int)sizeof(struct ipv6_opt_hdr)) { | ||
532 | pr_debug("too short\n"); | ||
533 | return -1; | ||
534 | } | ||
535 | if (nexthdr == NEXTHDR_NONE) { | 531 | if (nexthdr == NEXTHDR_NONE) { |
536 | pr_debug("next header is none\n"); | 532 | pr_debug("next header is none\n"); |
537 | return -1; | 533 | return -1; |
538 | } | 534 | } |
535 | if (len < (int)sizeof(struct ipv6_opt_hdr)) { | ||
536 | pr_debug("too short\n"); | ||
537 | return -1; | ||
538 | } | ||
539 | if (skb_copy_bits(skb, start, &hdr, sizeof(hdr))) | 539 | if (skb_copy_bits(skb, start, &hdr, sizeof(hdr))) |
540 | BUG(); | 540 | BUG(); |
541 | if (nexthdr == NEXTHDR_AUTH) | 541 | if (nexthdr == NEXTHDR_AUTH) |