X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fip_conntrack_proto_tcp.c;h=1cc796556f27672a22bcdb8a5e4d565227232c3e;hb=9213980e6a70d8473e0ffd4b39ab5b6caaba9ff5;hp=9bcb718eca165aae6ccbf65acf28a325e39a46b4;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git

diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 9bcb718ec..1cc796556 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -177,6 +177,8 @@ static int tcp_packet(struct ip_conntrack *conntrack,
 
 	if (skb_copy_bits(skb, skb->nh.iph->ihl * 4, &tcph, sizeof(tcph)) != 0)
 		return -1;
+	if (skb->len < skb->nh.iph->ihl * 4 + tcph.doff * 4)
+		return -1;
 
 	/* If only reply is a RST, we can consider ourselves not to
 	   have an established connection: this is a fairly common