patch-2.4.25 linux-2.4.25/net/ipv6/netfilter/ip6_tables.c
Next file: linux-2.4.25/net/ipv6/route.c
Previous file: linux-2.4.25/net/ipv6/netfilter/ip6_queue.c
Back to the patch index
Back to the overall index
- Lines: 10
- Date:
2004-02-18 05:36:32.000000000 -0800
- Orig file:
linux-2.4.24/net/ipv6/netfilter/ip6_tables.c
- Orig date:
2003-08-25 04:44:44.000000000 -0700
diff -urN linux-2.4.24/net/ipv6/netfilter/ip6_tables.c linux-2.4.25/net/ipv6/netfilter/ip6_tables.c
@@ -1543,7 +1543,8 @@
duprintf("tcp_match: finding option\n");
/* If we don't have the whole header, drop packet. */
- if (tcp->doff * 4 > datalen) {
+ if (tcp->doff * 4 < sizeof(struct tcphdr) ||
+ tcp->doff * 4 > datalen) {
*hotdrop = 1;
return 0;
}
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)