diff options
author | Changli Gao | 2010-07-29 15:41:46 +0200 |
---|---|---|
committer | David S. Miller | 2010-08-01 07:04:54 +0200 |
commit | 072d79a31a3b870b49886f4347e23f81b7eca3ac (patch) | |
tree | e007177c6d42e63a610ba0a8a811c0b4b1c0841a /net | |
parent | bridge: Fix skb leak when multicast parsing fails on TX (diff) | |
download | kernel-qcow2-linux-072d79a31a3b870b49886f4347e23f81b7eca3ac.tar.gz kernel-qcow2-linux-072d79a31a3b870b49886f4347e23f81b7eca3ac.tar.xz kernel-qcow2-linux-072d79a31a3b870b49886f4347e23f81b7eca3ac.zip |
act_nat: fix wild pointer
pskb_may_pull() may change skb pointers, so adjust icmph after pskb_may_pull().
Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/sched/act_nat.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c index 724553e8ed7b..ea008f57fc83 100644 --- a/net/sched/act_nat.c +++ b/net/sched/act_nat.c @@ -218,6 +218,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a, if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph))) goto drop; + icmph = (void *)(skb_network_header(skb) + ihl); iph = (void *)(icmph + 1); if (egress) addr = iph->daddr; |