bridge: Fix IPv6 multicast snooping by correcting offset in MLDv2 report
Linus Lüssing [Tue, 15 Feb 2011 13:19:18 +0000 (13:19 +0000)]
We actually want a pointer to the grec_nsrcr and not the following
field. Otherwise we can get very high values for *nsrcs as the first two
bytes of the IPv6 multicast address are being used instead, leading to
a failing pskb_may_pull() which results in MLDv2 reports not being
parsed.

Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/bridge/br_multicast.c

index 17708fc..d69beaf 100644 (file)
@@ -1013,7 +1013,7 @@ static int br_ip6_multicast_mld2_report(struct net_bridge *br,
 
                nsrcs = skb_header_pointer(skb,
                                           len + offsetof(struct mld2_grec,
-                                                         grec_mca),
+                                                         grec_nsrcs),
                                           sizeof(_nsrcs), &_nsrcs);
                if (!nsrcs)
                        return -EINVAL;