|
@@ -84,6 +84,14 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
|
|
|
*dataoff = nhoff + (iph->ihl << 2);
|
|
*dataoff = nhoff + (iph->ihl << 2);
|
|
|
*protonum = iph->protocol;
|
|
*protonum = iph->protocol;
|
|
|
|
|
|
|
|
|
|
+ /* Check bogus IP headers */
|
|
|
|
|
+ if (*dataoff > skb->len) {
|
|
|
|
|
+ pr_debug("nf_conntrack_ipv4: bogus IPv4 packet: "
|
|
|
|
|
+ "nhoff %u, ihl %u, skblen %u\n",
|
|
|
|
|
+ nhoff, iph->ihl << 2, skb->len);
|
|
|
|
|
+ return -NF_ACCEPT;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
return NF_ACCEPT;
|
|
return NF_ACCEPT;
|
|
|
}
|
|
}
|
|
|
|
|
|
Jozsef Kadlecsik