projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 70d19f8)
netfilter: xt_TCPMSS: Fix missing fragmentation handling
authorPhil Oester <kernel@linuxace.com>
Wed, 12 Jun 2013 08:58:20 +0000 (10:58 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 12 Jun 2013 09:06:19 +0000 (11:06 +0200)
Similar to commit bc6bcb59 ("netfilter: xt_TCPOPTSTRIP: fix
possible mangling beyond packet boundary"), add safe fragment
handling to xt_TCPMSS.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/xt_TCPMSS.c patch | blob | history

diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 6640a224f9fb88cdaaeeeffab547a1c9b4ef0477..7011c71646f0266eb75c856bc49fea7b5030bd52 100644 (file)
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -57,6 +57,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
        u16 newmss;
        u8 *opt;
 
+       /* This is a fragment, no TCP header is available */
+       if (par->fragoff != 0)
+               return XT_CONTINUE;
+
        if (!skb_make_writable(skb, skb->len))
                return -1;
 
John Crispins staging tree