netfilter: ipset: Skip really non-first fragments for IPv6 when getting port/protocol

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2013-09-16 14:00:08 -0400
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2013-09-16 14:33:44 -0400
commit: 55524c219aa803887d1c247853842a9566598cba (patch)
tree: 5c9a194f8b6f30310e944a3864e333edba013648 /net
parent: d830f0fa1dd7ca447c38aec82cd44230e0b7ca75 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/ipset/ip_set_getport.c b/net/netfilter/ipset/ip_set_getport.c
index 6fdf88ae2353..dac156f819ac 100644
--- a/net/netfilter/ipset/ip_set_getport.c
+++ b/net/netfilter/ipset/ip_set_getport.c
@@ -116,12 +116,12 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
 {
        int protoff;
        u8 nexthdr;
-        __be16 frag_off;
+        __be16 frag_off = 0;
        nexthdr = ipv6_hdr(skb)->nexthdr;
        protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr,
                                   &frag_off);
-        if (protoff < 0)
+        if (protoff < 0 || (frag_off & htons(~0x7)) != 0)
                return false;
        return get_port(skb, nexthdr, protoff, src, port, proto);
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2013-09-16 14:00:08 -0400
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2013-09-16 14:33:44 -0400
commit	55524c219aa803887d1c247853842a9566598cba (patch)
tree	5c9a194f8b6f30310e944a3864e333edba013648 /net
parent	d830f0fa1dd7ca447c38aec82cd44230e0b7ca75 (diff)

diff --git a/net/netfilter/ipset/ip_set_getport.c b/net/netfilter/ipset/ip_set_getport.c index 6fdf88ae2353..dac156f819ac 100644 --- a/net/netfilter/ipset/ip_set_getport.c +++ b/net/netfilter/ipset/ip_set_getport.c
@@ -116,12 +116,12 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
116	{	116	{
117	int protoff;	117	int protoff;
118	u8 nexthdr;	118	u8 nexthdr;
119	__be16 frag_off;	119	__be16 frag_off = 0;
120		120
121	nexthdr = ipv6_hdr(skb)->nexthdr;	121	nexthdr = ipv6_hdr(skb)->nexthdr;
122	protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr,	122	protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr,
123	&frag_off);	123	&frag_off);
124	if (protoff < 0)	124	if (protoff < 0 \|\| (frag_off & htons(~0x7)) != 0)
125	return false;	125	return false;
126		126
127	return get_port(skb, nexthdr, protoff, src, port, proto);	127	return get_port(skb, nexthdr, protoff, src, port, proto);