diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-12-11 14:03:10 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-12-11 14:03:10 +0100 |
| commit | 9e9e47b997630b0fb9831770d868368ee67920e9 (patch) | |
| tree | eb9be95cb6293896d4a126f60d3478faa8e093ce | |
| parent | 8bbcdc02e96466b99729e4efef74e4abd6665486 (diff) | |
device: ensure icmp skb length check is done for v6
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| -rw-r--r-- | src/device.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/device.c b/src/device.c index e48cb68..68e74b9 100644 --- a/src/device.c +++ b/src/device.c @@ -98,23 +98,19 @@ static void skb_unsendable(struct sk_buff *skb, struct net_device *dev) #endif ++dev->stats.tx_errors; - if (skb->len < sizeof(struct iphdr)) - goto free; - - if (ip_hdr(skb)->version == 4) { + if (skb->len >= sizeof(struct iphdr) && ip_hdr(skb)->version == 4) { #if IS_ENABLED(CONFIG_NF_CONNTRACK) if (ct) ip_hdr(skb)->saddr = ct->tuplehash[0].tuple.src.u3.ip; #endif icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0); - } else if (ip_hdr(skb)->version == 6) { + } else if (skb->len >= sizeof(struct ipv6hdr) && ip_hdr(skb)->version == 6) { #if IS_ENABLED(CONFIG_NF_CONNTRACK) if (ct) ipv6_hdr(skb)->saddr = ct->tuplehash[0].tuple.src.u3.in6; #endif icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0); } -free: kfree_skb(skb); } |