diff options
| author |   Al Viro <viro@zeniv.linux.org.uk> | 2016-05-11 00:00:29 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2016-05-11 00:00:29 -0400 |
| commit | e4d35be584be88a3db3fa5635a97c62a2ec5aafe (patch) | |
| tree | fc22a7fb65697306edd71411959ccee6df60c64d /net/netfilter/nf_conntrack_proto_tcp.c | |
| parent | get_rock_ridge_filename(): handle malformed NM entries (diff) | |
| parent | ovl: ignore permissions on underlying lookup (diff) | |
| download | linux-dev-e4d35be584be88a3db3fa5635a97c62a2ec5aafe.tar.xz linux-dev-e4d35be584be88a3db3fa5635a97c62a2ec5aafe.zip | |
Merge branch 'ovl-fixes' into for-linus
Diffstat (limited to 'net/netfilter/nf_conntrack_proto_tcp.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 278f3b9356ef..7cc1d9c22a9f 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c @@ -410,6 +410,8 @@ static void tcp_options(const struct sk_buff *skb, length--; continue; default: + if (length < 2) + return; opsize=*ptr++; if (opsize < 2) /* "silly options" */ return; @@ -470,6 +472,8 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff, length--; continue; default: + if (length < 2) + return; opsize = *ptr++; if (opsize < 2) /* "silly options" */ return; |