summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChangli Gao <xiaosuo@gmail.com>2010-07-09 15:33:25 +0000
committerDavid S. Miller <davem@davemloft.net>2010-07-12 20:00:19 -0700
commit70c2efa5a32a7d38e66224844032160317fa7887 (patch)
tree34c0785993a0155a3677c97813f0d63e77b48dd2
parentc4363d6acd8d2ec9156f6469c742351e5d122489 (diff)
act_nat: not all of the ICMP packets need an IP header payload
not all of the ICMP packets need an IP header payload, so we check the length of the skbs only when the packets should have an IP header payload. Based upon analysis and initial patch by Rodrigo Partearroyo González. Signed-off-by: Changli Gao <xiaosuo@gmail.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> ---- net/sched/act_nat.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/sched/act_nat.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 570949417f3..724553e8ed7 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -205,7 +205,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
{
struct icmphdr *icmph;
- if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+ if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
goto drop;
icmph = (void *)(skb_network_header(skb) + ihl);
@@ -215,6 +215,9 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
(icmph->type != ICMP_PARAMETERPROB))
break;
+ if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+ goto drop;
+
iph = (void *)(icmph + 1);
if (egress)
addr = iph->daddr;