diff options
author | Dmitry Torokhov <dmitry.torokhov@gmail.com> | 2017-09-04 09:22:54 -0700 |
---|---|---|
committer | Dmitry Torokhov <dmitry.torokhov@gmail.com> | 2017-09-04 09:22:54 -0700 |
commit | a6cbfa1e6d38c4b3ab0ce7e3aea4bb4e744f24b8 (patch) | |
tree | 8960e571a398b5d32e72bdb9c89ce965daa870ab /net/netfilter/nf_conntrack_proto_sctp.c | |
parent | f5308d1b83eba20e69df5e0926ba7257c8dd9074 (diff) | |
parent | 08d6ac9ee5fedd82040bc878705981b67a116a3f (diff) |
Merge branch 'next' into for-linus
Prepare input updates for 4.14 merge window.
Diffstat (limited to 'net/netfilter/nf_conntrack_proto_sctp.c')
-rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index 13875d599a85..1c5b14a6cab3 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c @@ -512,16 +512,19 @@ static int sctp_error(struct net *net, struct nf_conn *tpl, struct sk_buff *skb, u8 pf, unsigned int hooknum) { const struct sctphdr *sh; - struct sctphdr _sctph; const char *logmsg; - sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph); - if (!sh) { + if (skb->len < dataoff + sizeof(struct sctphdr)) { logmsg = "nf_ct_sctp: short packet "; goto out_invalid; } if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING && skb->ip_summed == CHECKSUM_NONE) { + if (!skb_make_writable(skb, dataoff + sizeof(struct sctphdr))) { + logmsg = "nf_ct_sctp: failed to read header "; + goto out_invalid; + } + sh = (const struct sctphdr *)(skb->data + dataoff); if (sh->checksum != sctp_compute_cksum(skb, dataoff)) { logmsg = "nf_ct_sctp: bad CRC "; goto out_invalid; |