Here is the patch submitted to upstream net tree. Waiting for it to be accepted:
From: Sarveshwar Bandi <email address hidden>
If lower layer driver leaves the ip header in the skb fragment, it needs to be first pulled into skb->data before inspecting ip header length or ip version number.
Here is the patch submitted to upstream net tree. Waiting for it to be accepted:
From: Sarveshwar Bandi <email address hidden>
If lower layer driver leaves the ip header in the skb fragment, it needs to be first pulled into skb->data before inspecting ip header length or ip version number.
Signed-off-by: Sarveshwar Bandi <email address hidden> br_netfilter. c | 3 +++
---
net/bridge/
1 file changed, 3 insertions(+)
diff --git a/net/bridge/ br_netfilter. c b/net/bridge/ br_netfilter. c index 68e8f36..fe43bc7 100644 br_netfilter. c br_netfilter. c ip_options( struct sk_buff *skb)
--- a/net/bridge/
+++ b/net/bridge/
@@ -265,6 +265,9 @@ static int br_parse_
struct net_device *dev = skb->dev;
u32 len;
+ if (!pskb_ may_pull( skb, sizeof(struct iphdr)))
+ goto inhdr_error;
+
iph = ip_hdr(skb);
opt = &(IPCB(skb)->opt);
--
1.7.9.5