diff options
| -rw-r--r-- | net/ipv6/netfilter/ip6t_mh.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c index 2c7efc6a506d..c2a909893a64 100644 --- a/net/ipv6/netfilter/ip6t_mh.c +++ b/net/ipv6/netfilter/ip6t_mh.c | |||
| @@ -66,6 +66,13 @@ match(const struct sk_buff *skb, | |||
| 66 | return 0; | 66 | return 0; |
| 67 | } | 67 | } |
| 68 | 68 | ||
| 69 | if (mh->ip6mh_proto != IPPROTO_NONE) { | ||
| 70 | duprintf("Dropping invalid MH Payload Proto: %u\n", | ||
| 71 | mh->ip6mh_proto); | ||
| 72 | *hotdrop = 1; | ||
| 73 | return 0; | ||
| 74 | } | ||
| 75 | |||
| 69 | return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type, | 76 | return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type, |
| 70 | !!(mhinfo->invflags & IP6T_MH_INV_TYPE)); | 77 | !!(mhinfo->invflags & IP6T_MH_INV_TYPE)); |
| 71 | } | 78 | } |