flow: Add length check when retrieving TCP flags.

[openvswitch] / datapath / flow.c

diff --git a/datapath/flow.c b/datapath/flow.c
index fb4fc217baad59a3bf9942da3eff5023ae315130..27a8f249010a79a059f33a38e3bd154d61316899 100644 (file)
--- a/datapath/flow.c
+++ b/datapath/flow.c
@@ -185,7 +185,8 @@ void ovs_flow_used(struct sw_flow *flow, struct sk_buff *skb)
        u8 tcp_flags = 0;
 
        if (flow->key.eth.type == htons(ETH_P_IP) &&
-           flow->key.ip.proto == IPPROTO_TCP) {
+           flow->key.ip.proto == IPPROTO_TCP &&
+           likely(skb->len >= skb_transport_offset(skb) + sizeof(struct tcphdr))) {
                u8 *tcp = (u8 *)tcp_hdr(skb);
                tcp_flags = *(tcp + TCP_FLAGS_OFFSET) & TCP_FLAG_MASK;
        }