netfilter: conntrack: check for NEXTHDR_NONE before header sanity checking

NEXTHDR_NONE doesn't has an IPv6 option header, so the first check for the length will always fail and results in a confusing message "too short" if debugging enabled. With this patch, we check for NEXTHDR_NONE before length sanity checkings are done. Signed-off-by: N Christoph Paasch <christoph.paasch@gmail.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Patrick McHardy <kaber@trash.net>

netfilter: conntrack: check for NEXTHDR_NONE before header sanity checking
NEXTHDR_NONE doesn't has an IPv6 option header, so the first check for the length will always fail and results in a confusing message "too short" if debugging enabled. With this patch, we check for NEXTHDR_NONE before length sanity checkings are done. Signed-off-by: N Christoph Paasch <christoph.paasch@gmail.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N Patrick McHardy <kaber@trash.net>
d1238d53 · Christoph Paasch · Patrick McHardy · ec8d5409 · d1238d53
隐藏空白更改
内联并排

Showing with 4 addition and 4 deletion

net/ipv6/netfilter/nf_conntrack_reasm.c net/ipv6/netfilter/nf_conntrack_reasm.c +4 -4

未找到文件。
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -528,14 +528,14 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff)
 		if (!ipv6_ext_hdr(nexthdr)) {
 			return -1;
 		}
-		if (len < (int)sizeof(struct ipv6_opt_hdr)) {
-			pr_debug("too short\n");
-			return -1;
-		}
 		if (nexthdr == NEXTHDR_NONE) {
 			pr_debug("next header is none\n");
 			return -1;
 		}
+		if (len < (int)sizeof(struct ipv6_opt_hdr)) {
+			pr_debug("too short\n");
+			return -1;
+		}
 		if (skb_copy_bits(skb, start, &hdr, sizeof(hdr)))
 			BUG();
 		if (nexthdr == NEXTHDR_AUTH)