netfilter: xt_TCPMSS: Fix missing fragmentation handling

Similar to commit bc6bcb59 ("netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary"), add safe fragment handling to xt_TCPMSS. Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: xt_TCPMSS: Fix missing fragmentation handling
Similar to commit bc6bcb59 ("netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary"), add safe fragment handling to xt_TCPMSS. Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
b396966c · Phil Oester · Pablo Neira Ayuso · 70d19f80 · b396966c
Commit b396966c authored Jun 12, 2013 by Phil Oester Committed by Pablo Neira Ayuso Jun 12, 2013
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

net/netfilter/xt_TCPMSS.c net/netfilter/xt_TCPMSS.c +4 -0

No files found.
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -57,6 +57,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
 	u16 newmss;
 	u8 *opt;
+	/* This is a fragment, no TCP header is available */
+	if (par->fragoff != 0)
+		return XT_CONTINUE;
 	if (!skb_make_writable(skb, skb->len))
 		return -1;