| From f1646d49977c647ee1859b95cebae7f28734d89e Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Wed, 5 May 2021 22:25:24 +0200 |
| Subject: netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL |
| check |
| |
| From: Pablo Neira Ayuso <pablo@netfilter.org> |
| |
| [ Upstream commit 5e024c325406470d1165a09c6feaf8ec897936be ] |
| |
| Do not assume that the tcph->doff field is correct when parsing for TCP |
| options, skb_header_pointer() might fail to fetch these bits. |
| |
| Fixes: 11eeef41d5f6 ("netfilter: passive OS fingerprint xtables match") |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| net/netfilter/nfnetlink_osf.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| diff --git a/net/netfilter/nfnetlink_osf.c b/net/netfilter/nfnetlink_osf.c |
| index 916a3c7f9eaf..79fbf37291f3 100644 |
| --- a/net/netfilter/nfnetlink_osf.c |
| +++ b/net/netfilter/nfnetlink_osf.c |
| @@ -186,6 +186,8 @@ static const struct tcphdr *nf_osf_hdr_ctx_init(struct nf_osf_hdr_ctx *ctx, |
| |
| ctx->optp = skb_header_pointer(skb, ip_hdrlen(skb) + |
| sizeof(struct tcphdr), ctx->optsize, opts); |
| + if (!ctx->optp) |
| + return NULL; |
| } |
| |
| return tcp; |
| -- |
| 2.30.2 |
| |