Skip to content

Commit

Permalink
netfilter: ip6t_ipv6header: fix match on packets ending with NEXTHDR_…
Browse files Browse the repository at this point in the history 
…NONE

As packets ending with NEXTHDR_NONE don't have a last extension header,
the check for the length needs to be after the check for NEXTHDR_NONE.

Signed-off-by: Christoph Paasch <christoph.paasch@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
  • Loading branch information
Christoph Paasch authored and Patrick McHardy committed May 5, 2009
1 parent a7ca7fc commit b98b494
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions net/ipv6/netfilter/ip6t_ipv6header.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,14 +50,14 @@ ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
struct ipv6_opt_hdr _hdr;
int hdrlen;

/* Is there enough space for the next ext header? */
if (len < (int)sizeof(struct ipv6_opt_hdr))
return false;
/* No more exthdr -> evaluate */
if (nexthdr == NEXTHDR_NONE) {
temp |= MASK_NONE;
break;
}
/* Is there enough space for the next ext header? */
if (len < (int)sizeof(struct ipv6_opt_hdr))
return false;
/* ESP -> evaluate */
if (nexthdr == NEXTHDR_ESP) {
temp |= MASK_ESP;
Expand Down

0 comments on commit b98b494

Please sign in to comment.