Skip to content
Commit a7f1a2f4 authored by Xin Long's avatar Xin Long Committed by Florian Westphal
Browse files

netfilter: bridge: check len before accessing more nh data 



In the while loop of br_nf_check_hbh_len(), similar to ip6_parse_tlv(),
before accessing 'nh[off + 1]', it should add a check 'len < 2'; and
before parsing IPV6_TLV_JUMBO, it should add a check 'optlen > len',
in case of overflows.

Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
Acked-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
Reviewed-by: default avatarAaron Conole <aconole@redhat.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
parent 9ccff83b
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment