summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorChristoph Paasch <christoph.paasch@gmail.com>2009-05-05 15:32:16 +0200
committerPatrick McHardy <kaber@trash.net>2009-05-05 15:32:16 +0200
commitb98b4947cb79d670fceca0e951c092eea93e9baa (patch)
tree4daddb336ddbab1e7ac7a6b10e68add36ab908ac /net
parentnetfilter: add missing linux/types.h include to xt_LED.h (diff)
downloadlinux-b98b4947cb79d670fceca0e951c092eea93e9baa.tar.xz
linux-b98b4947cb79d670fceca0e951c092eea93e9baa.zip
netfilter: ip6t_ipv6header: fix match on packets ending with NEXTHDR_NONE
As packets ending with NEXTHDR_NONE don't have a last extension header, the check for the length needs to be after the check for NEXTHDR_NONE. Signed-off-by: Christoph Paasch <christoph.paasch@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv6/netfilter/ip6t_ipv6header.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 14e6724d5672..91490ad9302c 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -50,14 +50,14 @@ ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
struct ipv6_opt_hdr _hdr;
int hdrlen;
- /* Is there enough space for the next ext header? */
- if (len < (int)sizeof(struct ipv6_opt_hdr))
- return false;
/* No more exthdr -> evaluate */
if (nexthdr == NEXTHDR_NONE) {
temp |= MASK_NONE;
break;
}
+ /* Is there enough space for the next ext header? */
+ if (len < (int)sizeof(struct ipv6_opt_hdr))
+ return false;
/* ESP -> evaluate */
if (nexthdr == NEXTHDR_ESP) {
temp |= MASK_ESP;