Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

author: David S. Miller <davem@davemloft.net> 2012-04-12 23:41:23 (GMT)
committer: David S. Miller <davem@davemloft.net> 2012-04-12 23:41:23 (GMT)
commit: 011e3c63251be832d23df9f0697626ab7b354d02 (patch)
tree: 2cad5b58c274c93ae49d9b58fb15d784d4dfd78f /net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
parent: c1412fce7eccae62b4de22494f6ab3ff8a90c0c6 (diff)
parent: ecca5c3acc0d0933d89abc44e60afb0cc8170e35 (diff)
download: linux-011e3c63251be832d23df9f0697626ab7b354d02.tar.xz
1 files changed, 10 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 5c45e30..345c7dc 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -74,16 +74,24 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
 
 	iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
 	if (iph == NULL)
-		return -NF_DROP;
+		return -NF_ACCEPT;
 
 	/* Conntrack defragments packets, we might still see fragments
 	 * inside ICMP packets though. */
 	if (iph->frag_off & htons(IP_OFFSET))
-		return -NF_DROP;
+		return -NF_ACCEPT;
 
 	*dataoff = nhoff + (iph->ihl << 2);
 	*protonum = iph->protocol;
 
+	/* Check bogus IP headers */
+	if (*dataoff > skb->len) {
+		pr_debug("nf_conntrack_ipv4: bogus IPv4 packet: "
+			 "nhoff %u, ihl %u, skblen %u\n",
+			 nhoff, iph->ihl << 2, skb->len);
+		return -NF_ACCEPT;
+	}
+
 	return NF_ACCEPT;
 }
author	David S. Miller <davem@davemloft.net>	2012-04-12 23:41:23 (GMT)
committer	David S. Miller <davem@davemloft.net>	2012-04-12 23:41:23 (GMT)
commit	011e3c63251be832d23df9f0697626ab7b354d02 (patch)
tree	2cad5b58c274c93ae49d9b58fb15d784d4dfd78f /net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
parent	c1412fce7eccae62b4de22494f6ab3ff8a90c0c6 (diff)
parent	ecca5c3acc0d0933d89abc44e60afb0cc8170e35 (diff)
download	linux-011e3c63251be832d23df9f0697626ab7b354d02.tar.xz