From 8cf229437fd826c32a44546899412b1eb3e1db6f Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Tue, 5 Feb 2008 03:15:50 -0800 Subject: [ICMP]: Restore pskb_pull calls in receive function Somewhere along the development of my ICMP relookup patch the header length check went AWOL on the non-IPsec path. This patch restores the check. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/ipv4/icmp.c | 3 ++- net/ipv6/icmp.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index a7321a82df6..a13c074dac0 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -1015,7 +1015,8 @@ int icmp_rcv(struct sk_buff *skb) goto error; } - __skb_pull(skb, sizeof(*icmph)); + if (!pskb_pull(skb, sizeof(*icmph))) + goto error; icmph = icmp_hdr(skb); diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index cbb5b9cf84a..121d517bf91 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -683,7 +683,8 @@ static int icmpv6_rcv(struct sk_buff *skb) } } - __skb_pull(skb, sizeof(*hdr)); + if (!pskb_pull(skb, sizeof(*hdr))) + goto discard_it; hdr = icmp6_hdr(skb); -- cgit v1.2.3