netfilter: ipv6: fix overlap check for fragments
The type of FRAG6_CB(prev)->offset is int, skb->len is *unsigned* int, and offset is int. Without this patch, type conversion occurred to this expression, when (FRAG6_CB(prev)->offset + prev->len) is less than offset. Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
parent
ac5aa2e333
commit
22e091e525
1 changed files with 1 additions and 1 deletions
|
@ -286,7 +286,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
|
|||
|
||||
/* Check for overlap with preceding fragment. */
|
||||
if (prev &&
|
||||
(NFCT_FRAG6_CB(prev)->offset + prev->len) - offset > 0)
|
||||
(NFCT_FRAG6_CB(prev)->offset + prev->len) > offset)
|
||||
goto discard_fq;
|
||||
|
||||
/* Look for overlap with succeeding segment. */
|
||||
|
|
Loading…
Reference in a new issue