netfilter: xtables: avoid BUG_ON

I see no reason for them, label or timer cannot be NULL, and if they were, we'll crash with null deref anyway. For skb_header_pointer failure, just set hotdrop to true and toss such packet. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2018-09-04 16:01:57 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-09-17 16:11:12 +0200
commit: 70c0eb1ca016f7b6be6cd2a47efc4c701ce4488f (patch)
tree: bd63a56577665026aa8f24458f734dcced723ace /net/ipv6/netfilter/ip6t_ipv6header.c
parent: netfilter: nf_tables: avoid BUG_ON usage (diff)
download: linux-dev-70c0eb1ca016f7b6be6cd2a47efc4c701ce4488f.tar.xz
linux-dev-70c0eb1ca016f7b6be6cd2a47efc4c701ce4488f.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 8b147440fbdc..af737b47b9b5 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -65,7 +65,10 @@ ipv6header_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 		}
 
 		hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
-		BUG_ON(hp == NULL);
+		if (!hp) {
+			par->hotdrop = true;
+			return false;
+		}
 
 		/* Calculate the header length */
 		if (nexthdr == NEXTHDR_FRAGMENT)
author	Florian Westphal <fw@strlen.de>	2018-09-04 16:01:57 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-09-17 16:11:12 +0200
commit	70c0eb1ca016f7b6be6cd2a47efc4c701ce4488f (patch)
tree	bd63a56577665026aa8f24458f734dcced723ace /net/ipv6/netfilter/ip6t_ipv6header.c
parent	netfilter: nf_tables: avoid BUG_ON usage (diff)
download	linux-dev-70c0eb1ca016f7b6be6cd2a47efc4c701ce4488f.tar.xz linux-dev-70c0eb1ca016f7b6be6cd2a47efc4c701ce4488f.zip