projects / wrapfs-5.3.y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 803ffe5) | patch
netfilter: nft_exthdr: check for IPv6 packet before further processing
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 10 Jun 2021 18:20:30 +0000 (20:20 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 14 Jul 2021 15:07:06 +0000 (17:07 +0200)
commit34a76bb820d6f077272709dfdd634767cc1d7852
treecc91a3fafd4ace840eb85892f33ecac34d3b56b1tree | snapshot
parent803ffe5f1fa58e507dd879aebd89d814a064ccf5commit | diff
netfilter: nft_exthdr: check for IPv6 packet before further processing

[ Upstream commit cdd73cc545c0fb9b1a1f7b209f4f536e7990cff4 ]

ipv6_find_hdr() does not validate that this is an IPv6 packet. Add a
sanity check for calling ipv6_find_hdr() to make sure an IPv6 packet
is passed for parsing.

Fixes: 96518518cc41 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/netfilter/nft_exthdr.c diff | blob | history
wrapfs-5.3.y