|
|
@@ -30,17 +30,28 @@ static inline unsigned int optlen(const u_int8_t *opt, unsigned int offset)
|
|
|
|
|
|
static unsigned int
|
|
|
tcpoptstrip_mangle_packet(struct sk_buff *skb,
|
|
|
- const struct xt_tcpoptstrip_target_info *info,
|
|
|
+ const struct xt_action_param *par,
|
|
|
unsigned int tcphoff, unsigned int minlen)
|
|
|
{
|
|
|
+ const struct xt_tcpoptstrip_target_info *info = par->targinfo;
|
|
|
unsigned int optl, i, j;
|
|
|
struct tcphdr *tcph;
|
|
|
u_int16_t n, o;
|
|
|
u_int8_t *opt;
|
|
|
+ int len;
|
|
|
+
|
|
|
+ /* This is a fragment, no TCP header is available */
|
|
|
+ if (par->fragoff != 0)
|
|
|
+ return XT_CONTINUE;
|
|
|
|
|
|
if (!skb_make_writable(skb, skb->len))
|
|
|
return NF_DROP;
|
|
|
|
|
|
+ len = skb->len - tcphoff;
|
|
|
+ if (len < (int)sizeof(struct tcphdr) ||
|
|
|
+ tcp_hdr(skb)->doff * 4 > len)
|
|
|
+ return NF_DROP;
|
|
|
+
|
|
|
tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
|
|
|
opt = (u_int8_t *)tcph;
|
|
|
|
|
|
@@ -76,7 +87,7 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
|
|
|
static unsigned int
|
|
|
tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_action_param *par)
|
|
|
{
|
|
|
- return tcpoptstrip_mangle_packet(skb, par->targinfo, ip_hdrlen(skb),
|
|
|
+ return tcpoptstrip_mangle_packet(skb, par, ip_hdrlen(skb),
|
|
|
sizeof(struct iphdr) + sizeof(struct tcphdr));
|
|
|
}
|
|
|
|
|
|
@@ -94,7 +105,7 @@ tcpoptstrip_tg6(struct sk_buff *skb, const struct xt_action_param *par)
|
|
|
if (tcphoff < 0)
|
|
|
return NF_DROP;
|
|
|
|
|
|
- return tcpoptstrip_mangle_packet(skb, par->targinfo, tcphoff,
|
|
|
+ return tcpoptstrip_mangle_packet(skb, par, tcphoff,
|
|
|
sizeof(*ipv6h) + sizeof(struct tcphdr));
|
|
|
}
|
|
|
#endif
|
Pablo Neira Ayuso