In handle_arp_snat() and snat_pre_route() pull enough payload into the headers.

[sliver-openvswitch.git] / datapath / nx_act_snat.c

diff --git a/datapath/nx_act_snat.c b/datapath/nx_act_snat.c
index 6334285..8bf2ed7 100644 (file)
--- a/datapath/nx_act_snat.c
+++ b/datapath/nx_act_snat.c
@@ -205,6 +205,9 @@ handle_arp_snat(struct sk_buff *skb)
        struct net_bridge_port *p = skb->dev->br_port;
        struct ip_arphdr *ah = (struct ip_arphdr *)arp_hdr(skb);
 
+       if (!pskb_may_pull(skb, sizeof *ah))
+               return 0;
+
        if ((ah->ar_op != htons(ARPOP_REQUEST)) 
                        || ah->ar_hln != ETH_ALEN
                        || ah->ar_pro != htons(ETH_P_IP)
@@ -305,6 +308,9 @@ snat_pre_route(struct sk_buff *skb)
        else if (skb->protocol != htons(ETH_P_IP)) 
                return 0;
 
+       if (!pskb_may_pull(skb, sizeof *iph))
+               goto ipv4_error;
+
        iph = ip_hdr(skb);
        if (iph->ihl < 5 || iph->version != 4)
                goto ipv4_error;