Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8be2cbed authored by Linux Build Service Account's avatar Linux Build Service Account Committed by Gerrit - the friendly Code Review server
Browse files

Merge "nf: xt_socket: Fix out-of-bounds in xt_socket_lookup_slow_v{4,6}"

parents 56c27ee9 4b5140ab

net/netfilter/xt_socket.c

+9 −4
Original line number Diff line number Diff line
@@ -158,10 +158,13 @@ struct sock *xt_socket_lookup_slow_v4(struct net *net, 
#endif



	if (iph->protocol == IPPROTO_UDP || iph->protocol == IPPROTO_TCP) {

		struct udphdr _hdr, *hp;

		struct udphdr *hp;

		struct tcphdr _hdr;



		hp = skb_header_pointer(skb, ip_hdrlen(skb),

					sizeof(_hdr), &_hdr);

					iph->protocol == IPPROTO_UDP ?

					sizeof(*hp) : sizeof(_hdr),

					&_hdr);

		if (hp == NULL)

			return NULL;
@@ -360,9 +363,11 @@ struct sock *xt_socket_lookup_slow_v6(struct net *net, 
	}



	if (tproto == IPPROTO_UDP || tproto == IPPROTO_TCP) {

		struct udphdr _hdr, *hp;

		struct udphdr *hp;

		struct tcphdr _hdr;



		hp = skb_header_pointer(skb, thoff, sizeof(_hdr), &_hdr);

		hp = skb_header_pointer(skb, thoff, tproto == IPPROTO_UDP ?

					sizeof(*hp) : sizeof(_hdr), &_hdr);

		if (hp == NULL)

			return NULL;