src: Fix IPv6 Fragment Header processing

2 items: 1. frag_off (Fragment Offset pointer) overshot by 2 bytes because of adding offsetof() to it *after* it had been cast to uint16_t *. 2. Need to mask off LS 3 bits of ip6f_offlg *after* call to htons. Fixes: a0c885ae5a79 ("add pkt_buff and protocol helper functions") Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Duncan Roe <duncan_roe@optusnet.com.au> 2023-10-08 13:41:31 +1100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2023-10-08 11:07:02 +0200
commit: 151296423e475cd9008b56f893b1dd07912bf81a (patch)
tree: 7fc6aba63ad679ba6a50f5aab9b519c01710aa61
parent: 468b81e1959cea1ce22a78386aca14568922076e (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c
index 69d86a8..fd8ebc4 100644
--- a/src/extra/ipv6.c
+++ b/src/extra/ipv6.c
@@ -113,11 +113,11 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
 				break;
 			}
 
-			frag_off = (uint16_t *)cur +
-					offsetof(struct ip6_frag, ip6f_offlg);
+			frag_off = (uint16_t *)(cur +
+					offsetof(struct ip6_frag, ip6f_offlg));
 
 			/* Fragment offset is only 13 bits long. */
-			if (htons(*frag_off & ~0x7)) {
+			if (htons(*frag_off) & ~0x7) {
 				/* Not the first fragment, it does not contain
 				 * any headers.
 				 */
author	Duncan Roe <duncan_roe@optusnet.com.au>	2023-10-08 13:41:31 +1100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2023-10-08 11:07:02 +0200
commit	151296423e475cd9008b56f893b1dd07912bf81a (patch)
tree	7fc6aba63ad679ba6a50f5aab9b519c01710aa61
parent	468b81e1959cea1ce22a78386aca14568922076e (diff)