netfilter: xt_TCPMSS: Fix missing fragmentation handling

Similar to commit bc6bcb59 ("netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary"), add safe fragment handling to xt_TCPMSS. Signed-off-by: N Phil Oester <kernel@linuxace.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: xt_TCPMSS: Fix missing fragmentation handling
Similar to commit bc6bcb59 ("netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary"), add safe fragment handling to xt_TCPMSS. Signed-off-by: N Phil Oester <kernel@linuxace.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
b396966c · Phil Oester · Pablo Neira Ayuso · 70d19f80 · b396966c
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

net/netfilter/xt_TCPMSS.c net/netfilter/xt_TCPMSS.c +4 -0

未找到文件。
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -57,6 +57,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
 	u16 newmss;
 	u8 *opt;

+	/* This is a fragment, no TCP header is available */
+	if (par->fragoff != 0)
+		return XT_CONTINUE;
+
 	if (!skb_make_writable(skb, skb->len))
 		return -1;