]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e92a900) | patch
netfilter: nft_exthdr: check for IPv6 packet before further processing
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 10 Jun 2021 18:20:30 +0000 (20:20 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 16 Jun 2021 18:51:50 +0000 (20:51 +0200)
commitd35087256a233060944933a0c9eb2b8b675c723b
tree54f088ff4225a9734981d24578bc2c67d266e10btree | snapshot
parente92a90084ba15cdb1a9b8d945e2d9682ebc5b32ecommit | diff
netfilter: nft_exthdr: check for IPv6 packet before further processing

ipv6_find_hdr() does not validate that this is an IPv6 packet. Add a
sanity check for calling ipv6_find_hdr() to make sure an IPv6 packet
is passed for parsing.

Fixes: 14793e629b67 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_exthdr.c diff | blob | history
Linux Kernel Source Tree.