Merge commit 'v3.4-rc3' into rt-3.4-rc3-rt4v3.4-rc3-rt4

author: Clark Williams <williams@redhat.com> 2012-04-15 23:24:46 -0500
committer: Clark Williams <williams@redhat.com> 2012-04-15 23:24:46 -0500
commit: 8e9c931b8e4150f3c5aaab7e4639cd507c30477c (patch)
tree: 4c77bef833db938a950c60095f628acc1ebff50a /net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
parent: 3524a83e5459ae4ba42f9bf098bb736b99b88695 (diff)
parent: e816b57a337ea3b755de72bec38c10c864f23015 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index de9da21113a1..cf73cc70ed2d 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -74,16 +74,24 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
 
 	iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
 	if (iph == NULL)
-		return -NF_DROP;
+		return -NF_ACCEPT;
 
 	/* Conntrack defragments packets, we might still see fragments
 	 * inside ICMP packets though. */
 	if (iph->frag_off & htons(IP_OFFSET))
-		return -NF_DROP;
+		return -NF_ACCEPT;
 
 	*dataoff = nhoff + (iph->ihl << 2);
 	*protonum = iph->protocol;
 
+	/* Check bogus IP headers */
+	if (*dataoff > skb->len) {
+		pr_debug("nf_conntrack_ipv4: bogus IPv4 packet: "
+			 "nhoff %u, ihl %u, skblen %u\n",
+			 nhoff, iph->ihl << 2, skb->len);
+		return -NF_ACCEPT;
+	}
+
 	return NF_ACCEPT;
 }
author	Clark Williams <williams@redhat.com>	2012-04-15 23:24:46 -0500
committer	Clark Williams <williams@redhat.com>	2012-04-15 23:24:46 -0500
commit	8e9c931b8e4150f3c5aaab7e4639cd507c30477c (patch)
tree	4c77bef833db938a950c60095f628acc1ebff50a /net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
parent	3524a83e5459ae4ba42f9bf098bb736b99b88695 (diff)
parent	e816b57a337ea3b755de72bec38c10c864f23015 (diff)