3.5.7.17 -stable review patch.  If anyone has any objections, please let me 
know.

------------------

From: Phil Oester <[email protected]>

commit b396966c4688522863572927cb30aa874b3ec504 upstream.

Similar to commit bc6bcb59 ("netfilter: xt_TCPOPTSTRIP: fix
possible mangling beyond packet boundary"), add safe fragment
handling to xt_TCPMSS.

Signed-off-by: Phil Oester <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Luis Henriques <[email protected]>
---
 net/netfilter/xt_TCPMSS.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 4960b66..a77d786 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -55,6 +55,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
        u16 newmss;
        u8 *opt;
 
+       /* This is a fragment, no TCP header is available */
+       if (par->fragoff != 0)
+               return XT_CONTINUE;
+
        if (!skb_make_writable(skb, skb->len))
                return -1;
 
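Review bot: The new early return in tcpmss_mangle_packet() hands back XT_CONTINUE, a target verdict, from a helper whose very next failure path is `return -1`, so the two conventions are mixed in adjacent lines. XT_CONTINUE is defined as 0xFFFFFFFF, which in a signed int return is the same value as that -1, so a caller that treats a negative result as an error would handle every non-first fragment as a failure rather than passing it through untouched. Please check what the callers do with the return value and, if the contract is an int status (negative on error), return the helper's "nothing changed" value here, for example `return 0;`, and leave the verdict to the caller. The fragoff test itself is placed correctly, ahead of skb_make_writable() and before any TCP header access.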
-- 
1.8.1.2
