Commit 4e742d9c authored by Linus Torvalds's avatar Linus Torvalds

Merge bk://kernel.bkbits.net/davem/nf-2.6

into home.osdl.org:/home/torvalds/v2.5/linux
parents f65196a4 427f850f
......@@ -1529,11 +1529,16 @@ tcp_match(const struct sk_buff *skb,
== tcpinfo->flg_cmp,
IPT_TCP_INV_FLAGS))
return 0;
if (tcpinfo->option &&
!tcp_find_option(tcpinfo->option, skb, tcph.doff*4 - sizeof(tcph),
if (tcpinfo->option) {
if (tcph.doff * 4 < sizeof(tcph)) {
*hotdrop = 1;
return 0;
}
if (!tcp_find_option(tcpinfo->option, skb, tcph.doff*4 - sizeof(tcph),
tcpinfo->invflags & IPT_TCP_INV_OPTION,
hotdrop))
return 0;
}
return 1;
}
......
......@@ -1545,7 +1545,8 @@ tcp_find_option(u_int8_t option,
duprintf("tcp_match: finding option\n");
/* If we don't have the whole header, drop packet. */
if (tcp->doff * 4 > datalen) {
if (tcp->doff * 4 < sizeof(struct tcphdr) ||
tcp->doff * 4 > datalen) {
*hotdrop = 1;
return 0;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment