'[PATCH] netfilter: ipv6: let ipv6_find_hdr() fail when offset can't be found'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    [PATCH] netfilter: ipv6: let ipv6_find_hdr() fail when offset can't be found
From:       JP Abgrall <jpa () google ! com>
Date:       2011-09-29 23:52:08
Message-ID: 1317340328-22751-1-git-send-email-jpa () google ! com
[Download RAW message or body]

There are some cases where the caller wants the last target and only
the offset. But it turns out that there are cases with fragments where
the final nexthdr is something like IPPROTO_UDP.
This would lead the caller to believe the offset was valid.
Before the "fragoff" days, any fragment would cause a negative return value.
So return -ENOENT when fragoff is 0 and the offset can't be set.

Change-Id: Ib474e8a4267dd2b300feca325811330329684a88
Signed-off-by: JP Abgrall <jpa@google.com>
---
:100644 100644 94874b0... eda6703... M	net/ipv6/netfilter/ip6_tables.c
 net/ipv6/netfilter/ip6_tables.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 94874b0..eda6703 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -2300,7 +2300,7 @@ static void __exit ip6_tables_fini(void)
  * Note that non-1st fragment is special case that "the protocol number
  * of last header" is "next header" field in Fragment header. In this case,
  * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
- * isn't NULL.
+ * isn't NULL. And if fragoff is NULL, function returns -1.
  *
  */
 int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
@@ -2344,6 +2344,8 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
 				     hp->nexthdr == NEXTHDR_NONE)) {
 					if (fragoff)
 						*fragoff = _frag_off;
+					else
+						return -ENOENT;
 					return hp->nexthdr;
 				}
 				return -ENOENT;
-- 
1.7.3.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic