Merge https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Jakub Kicinski <kuba@kernel.org> 2020-11-19 19:08:46 -0800
committer: Jakub Kicinski <kuba@kernel.org> 2020-11-19 19:08:46 -0800
commit: 56495a2442a47d0ea752db62434913b3346fe5a5 (patch)
tree: 35284af165304f4fe47f0214a48a8708f76a0d28 /net/ipv6/netfilter
parent: 657bc1d10bfc23ac06d5d687ce45826c760744f9 (diff)
parent: 4d02da974ea85a62074efedf354e82778f910d82 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 054d287eb13d..c129ad334eb3 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -440,6 +440,7 @@ find_prev_fhdr(struct sk_buff *skb, u8 *prevhdrp, int *prevhoff, int *fhoff)
 int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user)
 {
 	u16 savethdr = skb->transport_header;
+	u8 nexthdr = NEXTHDR_FRAGMENT;
 	int fhoff, nhoff, ret;
 	struct frag_hdr *fhdr;
 	struct frag_queue *fq;
@@ -455,6 +456,14 @@ int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user)
 	if (find_prev_fhdr(skb, &prevhdr, &nhoff, &fhoff) < 0)
 		return 0;
 
+	/* Discard the first fragment if it does not include all headers
+	 * RFC 8200, Section 4.5
+	 */
+	if (ipv6frag_thdr_truncated(skb, fhoff, &nexthdr)) {
+		pr_debug("Drop incomplete fragment\n");
+		return 0;
+	}
+
 	if (!pskb_may_pull(skb, fhoff + sizeof(*fhdr)))
 		return -ENOMEM;
author	Jakub Kicinski <kuba@kernel.org>	2020-11-19 19:08:46 -0800
committer	Jakub Kicinski <kuba@kernel.org>	2020-11-19 19:08:46 -0800
commit	56495a2442a47d0ea752db62434913b3346fe5a5 (patch)
tree	35284af165304f4fe47f0214a48a8708f76a0d28 /net/ipv6/netfilter
parent	657bc1d10bfc23ac06d5d687ce45826c760744f9 (diff)
parent	4d02da974ea85a62074efedf354e82778f910d82 (diff)