From: Phil Oester Date: Wed, 12 Jun 2013 08:58:20 +0000 (+0200) Subject: netfilter: xt_TCPMSS: Fix missing fragmentation handling X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=b396966c4688522863572927cb30aa874b3ec504;p=linux-beck.git netfilter: xt_TCPMSS: Fix missing fragmentation handling Similar to commit bc6bcb59 ("netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary"), add safe fragment handling to xt_TCPMSS. Signed-off-by: Phil Oester Signed-off-by: Pablo Neira Ayuso --- diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index 6640a224f9fb..7011c71646f0 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c @@ -57,6 +57,10 @@ tcpmss_mangle_packet(struct sk_buff *skb, u16 newmss; u8 *opt; + /* This is a fragment, no TCP header is available */ + if (par->fragoff != 0) + return XT_CONTINUE; + if (!skb_make_writable(skb, skb->len)) return -1;