f4a87e7bd2
TCP packets hitting the SYN proxy through the SYNPROXY target are not validated by TCP conntrack. When th->doff is below 5, an underflow happens when calculating the options length, causing skb_header_pointer() to return NULL and triggering the BUG_ON(). Handle this case gracefully by checking for NULL instead of using BUG_ON(). Reported-by: Martin Topholm <mph@one.com> Tested-by: Martin Topholm <mph@one.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
---|---|---|
.. | ||
ip6_tables.c | ||
ip6t_ah.c | ||
ip6t_eui64.c | ||
ip6t_frag.c | ||
ip6t_hbh.c | ||
ip6t_ipv6header.c | ||
ip6t_MASQUERADE.c | ||
ip6t_mh.c | ||
ip6t_NPT.c | ||
ip6t_REJECT.c | ||
ip6t_rpfilter.c | ||
ip6t_rt.c | ||
ip6t_SYNPROXY.c | ||
ip6table_filter.c | ||
ip6table_mangle.c | ||
ip6table_nat.c | ||
ip6table_raw.c | ||
ip6table_security.c | ||
Kconfig | ||
Makefile | ||
nf_conntrack_l3proto_ipv6.c | ||
nf_conntrack_proto_icmpv6.c | ||
nf_conntrack_reasm.c | ||
nf_defrag_ipv6_hooks.c | ||
nf_nat_l3proto_ipv6.c | ||
nf_nat_proto_icmpv6.c |