From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue, 5 Feb 2008 11:15:50 +0000 (-0800)
Subject: [ICMP]: Restore pskb_pull calls in receive function
X-Git-Tag: v2.6.25-rc1~787^2~3
X-Git-Url: http://www.pilppa.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=8cf229437fd826c32a44546899412b1eb3e1db6f;p=linux-2.6-omap-h63xx.git

[ICMP]: Restore pskb_pull calls in receive function

Somewhere along the development of my ICMP relookup patch the header
length check went AWOL on the non-IPsec path.  This patch restores the
check.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index a7321a82df6..a13c074dac0 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -1015,7 +1015,8 @@ int icmp_rcv(struct sk_buff *skb)
 			goto error;
 	}
 
-	__skb_pull(skb, sizeof(*icmph));
+	if (!pskb_pull(skb, sizeof(*icmph)))
+		goto error;
 
 	icmph = icmp_hdr(skb);
 
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index cbb5b9cf84a..121d517bf91 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -683,7 +683,8 @@ static int icmpv6_rcv(struct sk_buff *skb)
 		}
 	}
 
-	__skb_pull(skb, sizeof(*hdr));
+	if (!pskb_pull(skb, sizeof(*hdr)))
+		goto discard_it;
 
 	hdr = icmp6_hdr(skb);