netfilter: ipv6: fix overlap check for fragments
Shan Wei [Fri, 12 Nov 2010 07:51:55 +0000 (08:51 +0100)]
The type of FRAG6_CB(prev)->offset is int, skb->len is *unsigned* int,
and offset is int.

Without this patch, type conversion occurred in this expression when
(FRAG6_CB(prev)->offset + prev->len) is less than offset.

Signed-off-by: Shan Wei <shanwei@cn.fujitsu.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

net/ipv6/netfilter/nf_conntrack_reasm.c

index 3a3f129..79d43aa 100644 (file)
@@ -286,7 +286,7 @@ found:
 
        /* Check for overlap with preceding fragment. */
        if (prev &&
-           (NFCT_FRAG6_CB(prev)->offset + prev->len) - offset > 0)
+           (NFCT_FRAG6_CB(prev)->offset + prev->len) > offset)
                goto discard_fq;
 
        /* Look for overlap with succeeding segment. */
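
Review bot: the comparison on the added line still mixes signedness. Per the commit message, prev->len is unsigned int while NFCT_FRAG6_CB(prev)->offset and offset are int, so the sum is unsigned and offset is converted to unsigned before the compare. That matches the intended signed result only while offset is non-negative. An explicit cast such as (int)prev->len, or a one-line comment stating that offset cannot be negative at this point, would make the check read the way it is meant. The commit message also names the macro FRAG6_CB while this file uses NFCT_FRAG6_CB; using the name as it appears in the hunk would make the log easier to search.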