commit | cf28cb51f01b4b7b713ca416661576448f8eee7e | [log] [tgz] |
---|---|---|
author | Pablo Neira Ayuso <pablo@netfilter.org> | Thu Jun 10 20:20:30 2021 +0200 |
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | Wed Jul 14 16:56:22 2021 +0200 |
tree | 59391f64c2af81b86f2b62f05d874616c404caaa | |
parent | 8f6714f3c12b827c2e46f17999c9535bad1a6f07 [diff] |
netfilter: nft_exthdr: check for IPv6 packet before further processing [ Upstream commit cdd73cc545c0fb9b1a1f7b209f4f536e7990cff4 ] ipv6_find_hdr() does not validate that this is an IPv6 packet. Add a sanity check for calling ipv6_find_hdr() to make sure an IPv6 packet is passed for parsing. Fixes: 96518518cc41 ("netfilter: add nftables") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>