diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv6/ipv6_sockglue.c | 11 | 
1 files changed, 7 insertions, 4 deletions
| diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index c042ce19bd14..86e28a75267f 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -345,18 +345,21 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,  	case IPV6_DSTOPTS:  	{  		struct ipv6_txoptions *opt; + +		/* remove any sticky options header with a zero option +		 * length, per RFC3542. +		 */  		if (optlen == 0)  			optval = NULL; +		else if (optlen < sizeof(struct ipv6_opt_hdr) || +			 optlen & 0x7 || optlen > 8 * 255) +			goto e_inval;  		/* hop-by-hop / destination options are privileged option */  		retv = -EPERM;  		if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW))  			break; -		if (optlen < sizeof(struct ipv6_opt_hdr) || -		    optlen & 0x7 || optlen > 8 * 255) -			goto e_inval; -  		opt = ipv6_renew_options(sk, np->opt, optname,  					 (struct ipv6_opt_hdr __user *)optval,  					 optlen); | 
