Commit b8138a9e authored by Harald Welte's avatar Harald Welte Committed by Hideaki Yoshifuji

[NETFILTER]: Missing skb->len check in ip_conntrack_proto_tcp.c:tcp_packet().

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
parent d56159f6
...@@ -177,6 +177,8 @@ static int tcp_packet(struct ip_conntrack *conntrack, ...@@ -177,6 +177,8 @@ static int tcp_packet(struct ip_conntrack *conntrack,
if (skb_copy_bits(skb, skb->nh.iph->ihl * 4, &tcph, sizeof(tcph)) != 0) if (skb_copy_bits(skb, skb->nh.iph->ihl * 4, &tcph, sizeof(tcph)) != 0)
return -1; return -1;
if (skb->len < skb->nh.iph->ihl * 4 + tcph.doff * 4)
return -1;
/* If only reply is a RST, we can consider ourselves not to /* If only reply is a RST, we can consider ourselves not to
have an established connection: this is a fairly common have an established connection: this is a fairly common
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment