diff options
| author | David S. Miller <davem@davemloft.net> | 2016-04-14 01:49:03 (GMT) |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-04-14 01:49:03 (GMT) |
| commit | 60e19518d657018c4e25f0c20ca4f623536714b5 (patch) | |
| tree | 4775d80b915310e094581dea09bbac54122b7f6a /net/netfilter/nf_conntrack_proto_tcp.c | |
| parent | 4bc0eb3a1b20facbbf5c4939df863d8928e5c1b7 (diff) | |
| parent | bcf4934288402be3464110109a4dae3bd6fb3e93 (diff) | |
| download | linux-60e19518d657018c4e25f0c20ca4f623536714b5.tar.xz | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree. More
specifically, they are:
1) Fix missing filter table per-netns registration in arptables, from
Florian Westphal.
2) Resolve out of bound access when parsing TCP options in
nf_conntrack_tcp, patch from Jozsef Kadlecsik.
3) Prefer NFPROTO_BRIDGE extensions over NFPROTO_UNSPEC in ebtables,
this resolves conflict between xt_limit and ebt_limit, from Phil Sutter.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_proto_tcp.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 278f3b9..7cc1d9c 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -410,6 +410,8 @@ static void tcp_options(const struct sk_buff *skb, length--; continue; default: + if (length < 2) + return; opsize=*ptr++; if (opsize < 2) /* "silly options" */ return; @@ -470,6 +472,8 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff, length--; continue; default: + if (length < 2) + return; opsize = *ptr++; if (opsize < 2) /* "silly options" */ return; |