diff options
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 3 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 3 |
2 files changed, 2 insertions, 4 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 6d2a08205111..dc442fb791b0 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
| @@ -177,8 +177,7 @@ static unsigned int ipv6_confirm(unsigned int hooknum, | |||
| 177 | 177 | ||
| 178 | protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, | 178 | protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, |
| 179 | (*pskb)->len - extoff); | 179 | (*pskb)->len - extoff); |
| 180 | if (protoff < 0 || protoff > (*pskb)->len || | 180 | if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) { |
| 181 | pnum == NEXTHDR_FRAGMENT) { | ||
| 182 | DEBUGP("proto header not found\n"); | 181 | DEBUGP("proto header not found\n"); |
| 183 | return NF_ACCEPT; | 182 | return NF_ACCEPT; |
| 184 | } | 183 | } |
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index 0be790d250f9..8814b95b2326 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | |||
| @@ -168,8 +168,7 @@ icmpv6_error_message(struct sk_buff *skb, | |||
| 168 | skb->len - inip6off | 168 | skb->len - inip6off |
| 169 | - sizeof(struct ipv6hdr)); | 169 | - sizeof(struct ipv6hdr)); |
| 170 | 170 | ||
| 171 | if ((inprotoff < 0) || (inprotoff > skb->len) || | 171 | if ((inprotoff > skb->len) || (inprotonum == NEXTHDR_FRAGMENT)) { |
| 172 | (inprotonum == NEXTHDR_FRAGMENT)) { | ||
| 173 | DEBUGP("icmpv6_error: Can't get protocol header in ICMPv6 payload.\n"); | 172 | DEBUGP("icmpv6_error: Can't get protocol header in ICMPv6 payload.\n"); |
| 174 | return -NF_ACCEPT; | 173 | return -NF_ACCEPT; |
| 175 | } | 174 | } |