summaryrefslogtreecommitdiffstats
path: root/include/net/netfilter/nf_tables_ipv4.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/net/netfilter/nf_tables_ipv4.h')
-rw-r--r--include/net/netfilter/nf_tables_ipv4.h4
1 files changed, 4 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables_ipv4.h b/include/net/netfilter/nf_tables_ipv4.h
index c4a6147b0ef8..112708f7a6b4 100644
--- a/include/net/netfilter/nf_tables_ipv4.h
+++ b/include/net/netfilter/nf_tables_ipv4.h
@@ -35,6 +35,8 @@ static inline int __nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt)
return -1;
else if (len < thoff)
return -1;
+ else if (thoff < sizeof(*iph))
+ return -1;
pkt->flags = NFT_PKTINFO_L4PROTO;
pkt->tprot = iph->protocol;
@@ -69,6 +71,8 @@ static inline int nft_set_pktinfo_ipv4_ingress(struct nft_pktinfo *pkt)
return -1;
} else if (len < thoff) {
goto inhdr_error;
+ } else if (thoff < sizeof(*iph)) {
+ return -1;
}
pkt->flags = NFT_PKTINFO_L4PROTO;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-01 12:58:09 +0000