From 5d5a27d3e707bc6236c02a1b0d1c81341ef81517 Mon Sep 17 00:00:00 2001
From: Thomas Graf <tgraf@suug.ch>
Date: Mon, 10 Dec 2007 16:53:29 -0800
Subject: [PATCH] --- yaml --- r: 74797 b: refs/heads/master c:
 95a02cfd4d33886c166d4a5f309120f8d32ced58 h: refs/heads/master i:   74795:
 526ed3c130ef5d80b517d99cf72dbbfbe633dcd4 v: v3

---
 [refs]                | 2 +-
 trunk/net/ipv6/esp6.c | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index 2222fe49f4a4..e62937362580 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 2017a72c070033830b460d31cd4703f9d2ec0d56
+refs/heads/master: 95a02cfd4d33886c166d4a5f309120f8d32ced58
diff --git a/trunk/net/ipv6/esp6.c b/trunk/net/ipv6/esp6.c
index 7db66f10e00d..444053254676 100644
--- a/trunk/net/ipv6/esp6.c
+++ b/trunk/net/ipv6/esp6.c
@@ -230,6 +230,12 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
 		}
 		/* ... check padding bits here. Silly. :-) */
 
+		/* RFC4303: Drop dummy packets without any error */
+		if (nexthdr[1] == IPPROTO_NONE) {
+			ret = -EINVAL;
+			goto out;
+		}
+
 		pskb_trim(skb, skb->len - alen - padlen - 2);
 		ret = nexthdr[1];
 	}