diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-05 22:25:24 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2021-05-22 10:59:44 +0200 |
| commit | e11924b7513ceacd7e9a0ed9f8db60629eefbf12 (patch) | |
| tree | affa95405bf620a627784e0de8caa34a0dd73ea8 /net/netfilter | |
| parent | bb101fb44caa73a7ff5bc24df2fd49d9602d88f1 (diff) | |
netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
[ Upstream commit 5e024c325406470d1165a09c6feaf8ec897936be ]
Do not assume that the tcph->doff field is correct when parsing for TCP
options, skb_header_pointer() might fail to fetch these bits.
Fixes: 11eeef41d5f6 ("netfilter: passive OS fingerprint xtables match")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nfnetlink_osf.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nfnetlink_osf.c b/net/netfilter/nfnetlink_osf.c index 131f9f8c0b09..917f06110c82 100644 --- a/net/netfilter/nfnetlink_osf.c +++ b/net/netfilter/nfnetlink_osf.c @@ -191,6 +191,8 @@ static const struct tcphdr *nf_osf_hdr_ctx_init(struct nf_osf_hdr_ctx *ctx, ctx->optp = skb_header_pointer(skb, ip_hdrlen(skb) + sizeof(struct tcphdr), ctx->optsize, opts); + if (!ctx->optp) + return NULL; } return tcp; |