diff options
| -rw-r--r-- | kernel/net/netfilter/ipset/ip_set_getport.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c index 279a03c..a0d96eb 100644 --- a/kernel/net/netfilter/ipset/ip_set_getport.c +++ b/kernel/net/netfilter/ipset/ip_set_getport.c @@ -135,9 +135,7 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src, { int protoff; u8 nexthdr; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 3, 0) - __be16 frag_off; -#endif + __be16 frag_off = 0; nexthdr = ipv6_hdr(skb)->nexthdr; #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 3, 0) @@ -146,7 +144,7 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src, #else protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr); #endif - if (protoff < 0) + if (protoff < 0 || (frag_off & htons(~0x7)) != 0) return false; return get_port(skb, nexthdr, protoff, src, port, proto); |