| author | David S. Miller <davem@davemloft.net> | 2013-06-17 16:13:45 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-06-17 16:13:45 -0700 |
| commit | e00c7f1fad21ff81ac0a8dfbbb7cc3b7c806fa73 (patch) | |
| tree | 12e29890b5feb323c762abf28d2c1b6ff217c0fa /net/netfilter/xt_TCPOPTSTRIP.c | |
| parent | ab69bde6b2e9c37456eeb0051a185446336aef9f (diff) | |
| parent | b396966c4688522863572927cb30aa874b3ec504 (diff) | |
| download | linux-e00c7f1fad21ff81ac0a8dfbbb7cc3b7c806fa73.tar.gz linux-e00c7f1fad21ff81ac0a8dfbbb7cc3b7c806fa73.tar.bz2 linux-e00c7f1fad21ff81ac0a8dfbbb7cc3b7c806fa73.zip | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
The following patchset contains Netfilter fixes. They are targeted to the
TCP option targets, that have received some scrutiny in the last week. The
changes are:
* Fix TCPOPTSTRIP, it stopped working in the forward chain as tcp_hdr
uses skb->transport_header, and we cannot use that in the forwarding
case, from myself.
* Fix default IPv6 MSS in TCPMSS in case of absence of TCP MSS options,
from Phil Oester.
* Fix missing fragmentation handling again in TCPMSS, from Phil Oester.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/xt_TCPOPTSTRIP.c')
| -rw-r--r-- | net/netfilter/xt_TCPOPTSTRIP.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c index 1eb1a44bfd3d..b68fa191710f 100644 --- a/net/netfilter/xt_TCPOPTSTRIP.c +++ b/net/netfilter/xt_TCPOPTSTRIP.c @@ -48,11 +48,13 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb, return NF_DROP; len = skb->len - tcphoff; - if (len < (int)sizeof(struct tcphdr) || - tcp_hdr(skb)->doff * 4 > len) + if (len < (int)sizeof(struct tcphdr)) return NF_DROP; tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); + if (tcph->doff * 4 > len) + return NF_DROP; + opt = (u_int8_t *)tcph; /* |
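Review bot: The relocated test `tcph->doff * 4 > len` bounds the data offset only from above, so a segment whose doff is below 5 (a header length smaller than sizeof(struct tcphdr)) still passes both checks before `opt = (u_int8_t *)tcph;`. If the option walk that follows assumes doff * 4 >= sizeof(struct tcphdr), reject that case in the same place, for example by also testing tcph->doff * 4 < sizeof(struct tcphdr). A short comment above the tcph assignment noting that tcp_hdr() is avoided because skb->transport_header cannot be used in the forward chain would also keep the earlier form from being reintroduced.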
