diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/ip_queue.c | 7 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_queue.c | 7 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink_queue.c | 7 |
3 files changed, 12 insertions, 9 deletions
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index 7edad790478a..97556cc2e4e0 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c | |||
| @@ -351,9 +351,10 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
| 351 | if (v->data_len < sizeof(*user_iph)) | 351 | if (v->data_len < sizeof(*user_iph)) |
| 352 | return 0; | 352 | return 0; |
| 353 | diff = v->data_len - e->skb->len; | 353 | diff = v->data_len - e->skb->len; |
| 354 | if (diff < 0) | 354 | if (diff < 0) { |
| 355 | skb_trim(e->skb, v->data_len); | 355 | if (pskb_trim(e->skb, v->data_len)) |
| 356 | else if (diff > 0) { | 356 | return -ENOMEM; |
| 357 | } else if (diff > 0) { | ||
| 357 | if (v->data_len > 0xFFFF) | 358 | if (v->data_len > 0xFFFF) |
| 358 | return -EINVAL; | 359 | return -EINVAL; |
| 359 | if (diff > skb_tailroom(e->skb)) { | 360 | if (diff > skb_tailroom(e->skb)) { |
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index 9510c24ca8d2..9fec832ee08b 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c | |||
| @@ -349,9 +349,10 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
| 349 | if (v->data_len < sizeof(*user_iph)) | 349 | if (v->data_len < sizeof(*user_iph)) |
| 350 | return 0; | 350 | return 0; |
| 351 | diff = v->data_len - e->skb->len; | 351 | diff = v->data_len - e->skb->len; |
| 352 | if (diff < 0) | 352 | if (diff < 0) { |
| 353 | skb_trim(e->skb, v->data_len); | 353 | if (pskb_trim(e->skb, v->data_len)) |
| 354 | else if (diff > 0) { | 354 | return -ENOMEM; |
| 355 | } else if (diff > 0) { | ||
| 355 | if (v->data_len > 0xFFFF) | 356 | if (v->data_len > 0xFFFF) |
| 356 | return -EINVAL; | 357 | return -EINVAL; |
| 357 | if (diff > skb_tailroom(e->skb)) { | 358 | if (diff > skb_tailroom(e->skb)) { |
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 6e4ada3c1844..e815a9aa6e95 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c | |||
| @@ -622,9 +622,10 @@ nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) | |||
| 622 | int diff; | 622 | int diff; |
| 623 | 623 | ||
| 624 | diff = data_len - e->skb->len; | 624 | diff = data_len - e->skb->len; |
| 625 | if (diff < 0) | 625 | if (diff < 0) { |
| 626 | skb_trim(e->skb, data_len); | 626 | if (pskb_trim(e->skb, data_len)) |
| 627 | else if (diff > 0) { | 627 | return -ENOMEM; |
| 628 | } else if (diff > 0) { | ||
| 628 | if (data_len > 0xFFFF) | 629 | if (data_len > 0xFFFF) |
| 629 | return -EINVAL; | 630 | return -EINVAL; |
| 630 | if (diff > skb_tailroom(e->skb)) { | 631 | if (diff > skb_tailroom(e->skb)) { |