The check if (unlikely(skb->mac_header >= skb->network_header || skb->len == 0)) { **drop packet** } in __bpf_redirect_common() is insufficient, since it only checks whether the MAC header is misordered or the data length is 0. So any packet with a malformed MAC header that is not 14 bytes but is not 0 doesn't get dropped. Adding bounds checks for the MAC header size should fix this. And from what I see in the syz test of this patch, it does. Are there any possible unexpected issues that can be caused by this?
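
A user-space model of the condition discussed above, added here as an example; it is not code from the message or from the kernel patch. `struct pkt_model`, the function names and the `ETH_HLEN` minimum used in `bounded_check_drops()` are assumptions, since the patch's actual check is not shown on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HLEN 14 /* Ethernet header length, as in <linux/if_ether.h> */

/* Constructed stand-in for the three sk_buff fields the check reads. */
struct pkt_model {
    uint16_t mac_header;     /* offset of the MAC header */
    uint16_t network_header; /* offset of the network header */
    uint32_t len;            /* bytes of packet data */
};

/* The condition quoted in the message: true means the packet is dropped. */
static bool existing_check_drops(const struct pkt_model *p)
{
    return p->mac_header >= p->network_header || p->len == 0;
}

/* Hypothetical stricter check: also drop a MAC header shorter than ETH_HLEN. */
static bool bounded_check_drops(const struct pkt_model *p)
{
    if (existing_check_drops(p))
        return true;
    return (uint32_t)(p->network_header - p->mac_header) < ETH_HLEN;
}

/* Count MAC header lengths in [0, max_len] that are shorter than ETH_HLEN
 * and that the given check still lets through. */
static int short_headers_accepted(bool (*drops)(const struct pkt_model *), int max_len)
{
    int accepted = 0;
    for (int mac_len = 0; mac_len <= max_len; mac_len++) {
        /* Constructed sample packet: offsets and length are arbitrary. */
        struct pkt_model p = { .mac_header = 64,
                               .network_header = (uint16_t)(64 + mac_len),
                               .len = 60 };
        if (!drops(&p) && mac_len < ETH_HLEN)
            accepted++;
    }
    return accepted;
}

int main(void)
{
    printf("existing: %d short headers accepted\n", short_headers_accepted(existing_check_drops, 20));
    printf("bounded:  %d short headers accepted\n", short_headers_accepted(bounded_check_drops, 20));
    return 0;
}
```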