From: Ting-Wei Lan <lantw44@xxxxxxxxx>
---
 src/extra/udp.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/extra/udp.c b/src/extra/udp.c
index eee732e..2a17a2f 100644
--- a/src/extra/udp.c
+++ b/src/extra/udp.c
@@ -56,13 +56,17 @@ EXPORT_SYMBOL(nfq_udp_get_hdr);
 */
 void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb)
 {
- unsigned int doff = udph->len;
+ uint16_t len = ntohs (udph->len);
 
- /* malformed UDP data offset. */
- if (pktb->transport_header + doff > pktb->tail)
+ /* the UDP packet is too short. */
+ if (len < sizeof(struct udphdr))
 return NULL;
 
- return pktb->transport_header + doff;
+ /* malformed UDP packet. */
+ if (pktb->transport_header + len > pktb->tail)
+ return NULL;
+
+ return pktb->transport_header + sizeof(struct udphdr);
 }
 EXPORT_SYMBOL(nfq_udp_get_payload);
 
--
1.9.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
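Review bot: The second check, `pktb->transport_header + len > pktb->tail`, adds a length taken from the packet to a pointer before knowing that it fits, and forming a pointer beyond one past the end of the buffer is undefined behaviour in C. Comparing lengths instead avoids this and also rejects a transport_header that lies beyond tail: `if (len > pktb->tail - pktb->transport_header) return NULL;`. Separately, `len` is read through `udph` while the bound and the returned pointer are computed from `pktb->transport_header`, so the check only protects callers that pass the header belonging to this same pktb (presumably the one obtained from nfq_udp_get_hdr). The doc comment that ends at the top of the hunk should state that requirement. It should also say that a packet whose length equals the header size yields a non-NULL pointer to an empty payload, which may equal tail and must not be dereferenced.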