netfilter: drop outermost socket lock in getsockopt()

[pandora-kernel.git] / net / ipv6 / ip6_output.c

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index dd8aca8..c7568ce 100644 (file)
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -561,7 +561,7 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
 
 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
 {
-       u16 offset = sizeof(struct ipv6hdr);
+       unsigned int offset = sizeof(struct ipv6hdr);
        unsigned int packet_len = skb->tail - skb->network_header;
        int found_rhdr = 0;
        *nexthdr = &ipv6_hdr(skb)->nexthdr;
@@ -594,6 +594,8 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
                exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
                                                 offset);
                offset += ipv6_optlen(exthdr);
+               if (offset > IPV6_MAXPLEN)
+                       return -EINVAL;
                *nexthdr = &exthdr->nexthdr;
        }