evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "nf: xt_socket: Fix out-of-bounds in xt_socket_lookup_slow_v{4,6}"

Browse source
This commit is contained in:
Linux Build Service Account 2018-03-28 15:28:09 -07:00 committed by Gerrit - the friendly Code Review server
commit 9896df099c
1 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
net/netfilter/xt_socket.c
View file

@ -158,10 +158,13 @@ struct sock *xt_socket_lookup_slow_v4(struct net *net,
#endif
if (iph->protocol == IPPROTO_UDP || iph->protocol == IPPROTO_TCP) {
struct udphdr _hdr, *hp;
struct udphdr *hp;
struct tcphdr _hdr;
hp = skb_header_pointer(skb, ip_hdrlen(skb),
sizeof(_hdr), &_hdr);
iph->protocol == IPPROTO_UDP ?
sizeof(*hp) : sizeof(_hdr),
&_hdr);
if (hp == NULL)
return NULL;
@ -360,9 +363,11 @@ struct sock *xt_socket_lookup_slow_v6(struct net *net,
}
if (tproto == IPPROTO_UDP || tproto == IPPROTO_TCP) {
struct udphdr _hdr, *hp;
struct udphdr *hp;
struct tcphdr _hdr;
hp = skb_header_pointer(skb, thoff, sizeof(_hdr), &_hdr);
hp = skb_header_pointer(skb, thoff, tproto == IPPROTO_UDP ?
sizeof(*hp) : sizeof(_hdr), &_hdr);
if (hp == NULL)
return NULL;