author | JP Abgrall <jpa@google.com> | 2011-09-29 15:36:49 -0700 |
---|---|---|
committer | Arve Hjønnevåg <arve@android.com> | 2013-07-01 13:40:36 -0700 |
commit | ef08cfe9ce821b31f929a8396069b20f7a9b05f8 (patch) | |
tree | c3c41ef0338d226bcdfdc736717f212df4cc84d0 /net/rxrpc | |
parent | ea34f99edb73b67ef0a99d304887c64febd4c878 (diff) |
netfilter: ipv6: fix crash caused by ipv6_find_hdr()

When calling:

    ipv6_find_hdr(skb, &thoff, -1, NULL)

on a fragmented packet, thoff would be left with a random
value causing callers to read random memory offsets with:

    skb_header_pointer(skb, thoff, ...)

Now we force ipv6_find_hdr() to return a failure in this case.
Calling:

    ipv6_find_hdr(skb, &thoff, -1, &fragoff)

will set fragoff as expected, and not return a failure.

Change-Id: Ib474e8a4267dd2b300feca325811330329684a88
Signed-off-by: JP Abgrall <jpa@google.com>
Diffstat (limited to 'net/rxrpc')
0 files changed, 0 insertions, 0 deletions
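
A simplified user-space model of the failure mode the commit message describes, added here as an illustration; it is not the kernel's ipv6_find_hdr() and not code from this commit. `struct pkt_model`, the `find_hdr_*` functions, the `POISON` value and the `-EINVAL` error code are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#define POISON 0xdeadbeefu  /* constructed stand-in for an uninitialized stack value */

/* Constructed model of an already-parsed packet; not a kernel structure. */
struct pkt_model {
    int nexthdr;             /* protocol following the fragment header */
    unsigned int hdr_end;    /* offset at which that protocol starts */
    unsigned short frag_off; /* non-zero means "not the first fragment" */
};

/* Before: reports success on a later fragment without writing *offset. */
static int find_hdr_before(const struct pkt_model *p, unsigned int *offset,
                           unsigned short *fragoff)
{
    if (p->frag_off) {
        if (fragoff)
            *fragoff = p->frag_off;
        return p->nexthdr;           /* *offset is left as the caller had it */
    }
    *offset = p->hdr_end;
    return p->nexthdr;
}

/* After: a caller that passed no fragoff cannot detect the fragment, so fail. */
static int find_hdr_after(const struct pkt_model *p, unsigned int *offset,
                          unsigned short *fragoff)
{
    if (p->frag_off) {
        if (!fragoff)
            return -EINVAL;          /* error code is an assumption of this model */
        *fragoff = p->frag_off;      /* caller must test fragoff before using offset */
        return p->nexthdr;
    }
    *offset = p->hdr_end;
    return p->nexthdr;
}

typedef int (*find_fn)(const struct pkt_model *, unsigned int *, unsigned short *);
/* Caller pattern: returns the offset it would dereference, or a negative error. */
static long long offset_used_by_caller(find_fn find, const struct pkt_model *p)
{
    unsigned int thoff = POISON;     /* models the uninitialized local */
    int proto = find(p, &thoff, NULL);
    if (proto < 0)
        return proto;                /* failure: thoff is never used */
    return (long long)thoff;
}
```

With the "before" function the caller proceeds with the poison value as its offset; with the "after" function the same call fails and the offset is never consumed.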