cf28cb51f01b4b7b713ca416661576448f8eee7e - SHIFTPHONES/kernel/common

commit	cf28cb51f01b4b7b713ca416661576448f8eee7e	[log] [tgz]
author	Pablo Neira Ayuso <pablo@netfilter.org>	Thu Jun 10 20:20:30 2021 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Wed Jul 14 16:56:22 2021 +0200
tree	59391f64c2af81b86f2b62f05d874616c404caaa
parent	8f6714f3c12b827c2e46f17999c9535bad1a6f07 [diff]

netfilter: nft_exthdr: check for IPv6 packet before further processing

[ Upstream commit cdd73cc545c0fb9b1a1f7b209f4f536e7990cff4 ]

ipv6_find_hdr() does not validate that this is an IPv6 packet. Add a
sanity check for calling ipv6_find_hdr() to make sure an IPv6 packet
is passed for parsing.

Fixes: 96518518cc41 ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

net/netfilter/nft_exthdr.c[diff]

1 file changed

tree: 59391f64c2af81b86f2b62f05d874616c404caaa