summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/ipv6/esp6.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 7db66f10e00..44405325467 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -230,6 +230,12 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
}
/* ... check padding bits here. Silly. :-) */
+ /* RFC4303: Drop dummy packets without any error */
+ if (nexthdr[1] == IPPROTO_NONE) {
+ ret = -EINVAL;
+ goto out;
+ }
+
pskb_trim(skb, skb->len - alen - padlen - 2);
ret = nexthdr[1];
}