diff options
author | David S. Miller <davem@davemloft.net> | 2015-01-27 00:28:38 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-01-27 00:28:38 -0800 |
commit | bf693f7beb35b6d001bd887e5b02163335f3bd9a (patch) | |
tree | 006edfbf6562e359b1f1ff1ed6ea5c3805f76e17 | |
parent | 6e9e16e6143b725662e47026a1d0f270721cdd24 (diff) | |
parent | f855691975bb06373a98711e4cfe2c224244b536 (diff) | |
download | linux-bf693f7beb35b6d001bd887e5b02163335f3bd9a.tar.bz2 |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
ipsec 2015-01-26
Just two small fixes for _decode_session6() where we
might decode to wrong header information in some rare
situations.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv6/xfrm6_policy.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 5f983644373a..48bf5a06847b 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c @@ -130,12 +130,18 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) { struct flowi6 *fl6 = &fl->u.ip6; int onlyproto = 0; - u16 offset = skb_network_header_len(skb); const struct ipv6hdr *hdr = ipv6_hdr(skb); + u16 offset = sizeof(*hdr); struct ipv6_opt_hdr *exthdr; const unsigned char *nh = skb_network_header(skb); - u8 nexthdr = nh[IP6CB(skb)->nhoff]; + u16 nhoff = IP6CB(skb)->nhoff; int oif = 0; + u8 nexthdr; + + if (!nhoff) + nhoff = offsetof(struct ipv6hdr, nexthdr); + + nexthdr = nh[nhoff]; if (skb_dst(skb)) oif = skb_dst(skb)->dev->ifindex; |