From: Dan Carpenter <dan.carpenter@xxxxxxxxxx> There is a typo in the error checking and "&&" was used instead of "||". If skb_header_pointer() returns NULL then it leads to a NULL dereference. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> Acked-by: Hans Schillstrom <hans.schillstrom@xxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- net/netfilter/xt_HMARK.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c index 32fbd73..5817d03 100644 --- a/net/netfilter/xt_HMARK.c +++ b/net/netfilter/xt_HMARK.c @@ -223,7 +223,7 @@ static int get_inner_hdr(const struct sk_buff *skb, int iphsz, int *nhoff) /* Not enough header? */ icmph = skb_header_pointer(skb, *nhoff + iphsz, sizeof(_ih), &_ih); - if (icmph == NULL && icmph->type > NR_ICMP_TYPES) + if (icmph == NULL || icmph->type > NR_ICMP_TYPES) return 0; /* Error message? */ -- 1.7.10 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
