netfilter: xt_TCPMSS: Fix missing fragmentation handling
Similar to commit bc6bcb5 ("netfilter: xt_TCPOPTSTRIP: fix
possible mangling beyond packet boundary"), add safe fragment
handling to xt_TCPMSS.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Phil Oester authored and Pablo Neira Ayuso committed Jun 12, 2013
1 parent 70d19f8 commit b396966
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions net/netfilter/xt_TCPMSS.c
Expand Up @@ -57,6 +57,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
u16 newmss;
u8 *opt;

/* This is a fragment, no TCP header is available */
if (par->fragoff != 0)
return XT_CONTINUE;

if (!skb_make_writable(skb, skb->len))
return -1;

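Review bot: The new early return under `if (par->fragoff != 0)` hands back `XT_CONTINUE`, a verdict constant, from a helper whose very next exit is `return -1;`, so two return conventions are mixed in one function. `XT_CONTINUE` is defined as 0xFFFFFFFF, which is -1 if the return type is a signed int (as the `-1` below suggests), so a caller that treats a negative result as failure would handle every non-first fragment as an error instead of letting it pass. The callers are not visible in this hunk, so please confirm how they interpret the result; if zero means "nothing mangled", use `return 0;` here and let the caller translate that into `XT_CONTINUE`. A one-line comment documenting the helper's return convention would also keep this from recurring.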