summaryrefslogtreecommitdiff
path: root/net/ipv6/xfrm6_policy.c
diff options
context:
space:
mode:
authorYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>2006-04-18 14:46:52 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-04-18 15:57:51 -0700
commite3cae904d7df4f86ea1d13d459e667d389cc35e3 (patch)
treea855ecca9a8ab21b38c80cd5c1389f9f6d1a1f21 /net/ipv6/xfrm6_policy.c
parentec6700958a776a83681ecb11239c0525730c42ba (diff)
downloadkernel-common-e3cae904d7df4f86ea1d13d459e667d389cc35e3.tar.gz
kernel-common-e3cae904d7df4f86ea1d13d459e667d389cc35e3.tar.bz2
kernel-common-e3cae904d7df4f86ea1d13d459e667d389cc35e3.zip
[IPV6] XFRM: Don't use old copy of pointer after pskb_may_pull().
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/xfrm6_policy.c')
-rw-r--r--net/ipv6/xfrm6_policy.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 91cce8b2d7a5..588922bd9264 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -193,7 +193,7 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl)
{
u16 offset = sizeof(struct ipv6hdr);
struct ipv6hdr *hdr = skb->nh.ipv6h;
- struct ipv6_opt_hdr *exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset);
+ struct ipv6_opt_hdr *exthdr;
u8 nexthdr = skb->nh.ipv6h->nexthdr;
memset(fl, 0, sizeof(struct flowi));
@@ -201,6 +201,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl)
ipv6_addr_copy(&fl->fl6_src, &hdr->saddr);
while (pskb_may_pull(skb, skb->nh.raw + offset + 1 - skb->data)) {
+ exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset);
+
switch (nexthdr) {
case NEXTHDR_ROUTING:
case NEXTHDR_HOP: