On Mon, Jan 16, 2023 at 10:35:55AM +0100, Sriram Yagnaraman wrote:
> skb_header_pointer() will return NULL if offset + sizeof(_sch) exceeds
> skb->len, so this offset < skb->len test is redundant.
>
> if sch->length == 0, this will end up in an infinite loop, add a check
> for sch->length > 0

If this is broken since the beginning, then:

Fixes: 9fb9cbb1082d ("[NETFILTER]: Add nf_conntrack subsystem.")

is sufficiently old for -stable kernels to pick up this.

Let me know if this looks good to you, thanks