On 22.12.2015 12:46, Huw Davies wrote:
>  
> +/* CALIPSO RFC 5570 */
> +
> +static bool ipv6_hop_calipso(struct sk_buff *skb, int optoff)
> +{
> +     const unsigned char *nh = skb_network_header(skb);
> +
> +     if (nh[optoff + 1] < 8)
> +             goto drop;
> +
> +     if (nh[optoff + 6] * 4 + 8 > nh[optoff + 1])
> +             goto drop;
> +
> +     if (!calipso_validate(skb, nh + optoff))
> +             goto drop;
> +
> +     return true;
> +
> +drop:
> +     kfree_skb(skb);
> +     return false;
> +}
> +

Formally, if an extension header could not be processed, the packet
should be discarded and an icmp error parameter extension should be
send. I think we shouldn't let those packets pass here.

Thanks,
Hannes

--
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to