diff options
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 11 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_ah.c | 7 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_frag.c | 7 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_hbh.c | 7 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_rt.c | 7 |
5 files changed, 31 insertions, 8 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index f0328c7bc1c9..53bf977cca63 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -1440,6 +1440,9 @@ static void __exit ip6_tables_fini(void) | |||
1440 | * If target header is found, its offset is set in *offset and return protocol | 1440 | * If target header is found, its offset is set in *offset and return protocol |
1441 | * number. Otherwise, return -1. | 1441 | * number. Otherwise, return -1. |
1442 | * | 1442 | * |
1443 | * If the first fragment doesn't contain the final protocol header or | ||
1444 | * NEXTHDR_NONE it is considered invalid. | ||
1445 | * | ||
1443 | * Note that non-1st fragment is special case that "the protocol number | 1446 | * Note that non-1st fragment is special case that "the protocol number |
1444 | * of last header" is "next header" field in Fragment header. In this case, | 1447 | * of last header" is "next header" field in Fragment header. In this case, |
1445 | * *offset is meaningless and fragment offset is stored in *fragoff if fragoff | 1448 | * *offset is meaningless and fragment offset is stored in *fragoff if fragoff |
@@ -1463,12 +1466,12 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, | |||
1463 | if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) { | 1466 | if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) { |
1464 | if (target < 0) | 1467 | if (target < 0) |
1465 | break; | 1468 | break; |
1466 | return -1; | 1469 | return -ENOENT; |
1467 | } | 1470 | } |
1468 | 1471 | ||
1469 | hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr); | 1472 | hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr); |
1470 | if (hp == NULL) | 1473 | if (hp == NULL) |
1471 | return -1; | 1474 | return -EBADMSG; |
1472 | if (nexthdr == NEXTHDR_FRAGMENT) { | 1475 | if (nexthdr == NEXTHDR_FRAGMENT) { |
1473 | unsigned short _frag_off, *fp; | 1476 | unsigned short _frag_off, *fp; |
1474 | fp = skb_header_pointer(skb, | 1477 | fp = skb_header_pointer(skb, |
@@ -1477,7 +1480,7 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, | |||
1477 | sizeof(_frag_off), | 1480 | sizeof(_frag_off), |
1478 | &_frag_off); | 1481 | &_frag_off); |
1479 | if (fp == NULL) | 1482 | if (fp == NULL) |
1480 | return -1; | 1483 | return -EBADMSG; |
1481 | 1484 | ||
1482 | _frag_off = ntohs(*fp) & ~0x7; | 1485 | _frag_off = ntohs(*fp) & ~0x7; |
1483 | if (_frag_off) { | 1486 | if (_frag_off) { |
@@ -1488,7 +1491,7 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, | |||
1488 | *fragoff = _frag_off; | 1491 | *fragoff = _frag_off; |
1489 | return hp->nexthdr; | 1492 | return hp->nexthdr; |
1490 | } | 1493 | } |
1491 | return -1; | 1494 | return -ENOENT; |
1492 | } | 1495 | } |
1493 | hdrlen = 8; | 1496 | hdrlen = 8; |
1494 | } else if (nexthdr == NEXTHDR_AUTH) | 1497 | } else if (nexthdr == NEXTHDR_AUTH) |
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index ec1b1608156c..46486645eb75 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c | |||
@@ -54,9 +54,14 @@ match(const struct sk_buff *skb, | |||
54 | const struct ip6t_ah *ahinfo = matchinfo; | 54 | const struct ip6t_ah *ahinfo = matchinfo; |
55 | unsigned int ptr; | 55 | unsigned int ptr; |
56 | unsigned int hdrlen = 0; | 56 | unsigned int hdrlen = 0; |
57 | int err; | ||
57 | 58 | ||
58 | if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL) < 0) | 59 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL); |
60 | if (err < 0) { | ||
61 | if (err != -ENOENT) | ||
62 | *hotdrop = 1; | ||
59 | return 0; | 63 | return 0; |
64 | } | ||
60 | 65 | ||
61 | ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); | 66 | ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); |
62 | if (ah == NULL) { | 67 | if (ah == NULL) { |
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index 78d9c8b9e28a..cd22eaaccdca 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c | |||
@@ -52,9 +52,14 @@ match(const struct sk_buff *skb, | |||
52 | struct frag_hdr _frag, *fh; | 52 | struct frag_hdr _frag, *fh; |
53 | const struct ip6t_frag *fraginfo = matchinfo; | 53 | const struct ip6t_frag *fraginfo = matchinfo; |
54 | unsigned int ptr; | 54 | unsigned int ptr; |
55 | int err; | ||
55 | 56 | ||
56 | if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL) < 0) | 57 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL); |
58 | if (err < 0) { | ||
59 | if (err != -ENOENT) | ||
60 | *hotdrop = 1; | ||
57 | return 0; | 61 | return 0; |
62 | } | ||
58 | 63 | ||
59 | fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); | 64 | fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); |
60 | if (fh == NULL) { | 65 | if (fh == NULL) { |
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index d32a205e3af2..3f25babe0440 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c | |||
@@ -65,9 +65,14 @@ match(const struct sk_buff *skb, | |||
65 | u8 _opttype, *tp = NULL; | 65 | u8 _opttype, *tp = NULL; |
66 | u8 _optlen, *lp = NULL; | 66 | u8 _optlen, *lp = NULL; |
67 | unsigned int optlen; | 67 | unsigned int optlen; |
68 | int err; | ||
68 | 69 | ||
69 | if (ipv6_find_hdr(skb, &ptr, match->data, NULL) < 0) | 70 | err = ipv6_find_hdr(skb, &ptr, match->data, NULL); |
71 | if (err < 0) { | ||
72 | if (err != -ENOENT) | ||
73 | *hotdrop = 1; | ||
70 | return 0; | 74 | return 0; |
75 | } | ||
71 | 76 | ||
72 | oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); | 77 | oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); |
73 | if (oh == NULL) { | 78 | if (oh == NULL) { |
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index bcb2e168a5bc..54d7d14134fd 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
@@ -58,9 +58,14 @@ match(const struct sk_buff *skb, | |||
58 | unsigned int hdrlen = 0; | 58 | unsigned int hdrlen = 0; |
59 | unsigned int ret = 0; | 59 | unsigned int ret = 0; |
60 | struct in6_addr *ap, _addr; | 60 | struct in6_addr *ap, _addr; |
61 | int err; | ||
61 | 62 | ||
62 | if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL) < 0) | 63 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL); |
64 | if (err < 0) { | ||
65 | if (err != -ENOENT) | ||
66 | *hotdrop = 1; | ||
63 | return 0; | 67 | return 0; |
68 | } | ||
64 | 69 | ||
65 | rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); | 70 | rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); |
66 | if (rh == NULL) { | 71 | if (rh == NULL) { |