summaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/br_netfilter_ipv6.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c
index 6b07f30675bb..afd1c718b683 100644
--- a/net/bridge/br_netfilter_ipv6.c
+++ b/net/bridge/br_netfilter_ipv6.c
@@ -45,14 +45,18 @@
*/
static int br_nf_check_hbh_len(struct sk_buff *skb)
{
- unsigned char *raw = (u8 *)(ipv6_hdr(skb) + 1);
+ int len, off = sizeof(struct ipv6hdr);
+ unsigned char *nh;
u32 pkt_len;
- const unsigned char *nh = skb_network_header(skb);
- int off = raw - nh;
- int len = (raw[1] + 1) << 3;
- if ((raw + len) - skb->data > skb_headlen(skb))
+ if (!pskb_may_pull(skb, off + 8))
goto bad;
+ nh = (unsigned char *)(ipv6_hdr(skb) + 1);
+ len = (nh[1] + 1) << 3;
+
+ if (!pskb_may_pull(skb, off + len))
+ goto bad;
+ nh = skb_network_header(skb);
off += 2;
len -= 2;
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-02 06:20:44 +0100