netfilter: xt_HMARK: potential NULL dereference in get_inner_hdr()

There is a typo in the error checking and "&&" was used instead of "||". If skb_header_pointer() returns NULL then it leads to a NULL dereference. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Acked-by: Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Dan Carpenter <dan.carpenter@oracle.com> 2012-05-12 01:00:03 +0000
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-05-17 00:56:33 +0200
commit: 58618115492711d99fbccb79c5317299e32231fe (patch)
tree: 6fd9fe61601aee724c16d2e5d26d5219e54fc042
parent: netfilter: xt_hashlimit: use _ALL macro to reject unknown flag bits (diff)
download: wireguard-linux-58618115492711d99fbccb79c5317299e32231fe.tar.xz
wireguard-linux-58618115492711d99fbccb79c5317299e32231fe.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c
index 32fbd735d02b..5817d03105b2 100644
--- a/net/netfilter/xt_HMARK.c
+++ b/net/netfilter/xt_HMARK.c
@@ -223,7 +223,7 @@ static int get_inner_hdr(const struct sk_buff *skb, int iphsz, int *nhoff)
 
 	/* Not enough header? */
 	icmph = skb_header_pointer(skb, *nhoff + iphsz, sizeof(_ih), &_ih);
-	if (icmph == NULL && icmph->type > NR_ICMP_TYPES)
+	if (icmph == NULL || icmph->type > NR_ICMP_TYPES)
 		return 0;
 
 	/* Error message? */
author	Dan Carpenter <dan.carpenter@oracle.com>	2012-05-12 01:00:03 +0000
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-05-17 00:56:33 +0200
commit	58618115492711d99fbccb79c5317299e32231fe (patch)
tree	6fd9fe61601aee724c16d2e5d26d5219e54fc042
parent	netfilter: xt_hashlimit: use _ALL macro to reject unknown flag bits (diff)
download	wireguard-linux-58618115492711d99fbccb79c5317299e32231fe.tar.xz wireguard-linux-58618115492711d99fbccb79c5317299e32231fe.zip