[PATCH] netfilter: ipv6: let ipv6_find_hdr() fail when offset can't be found

[PATCH] netfilter: ipv6: let ipv6_find_hdr() fail when offset can't be found

[JP Abgrall]

There are some cases where the caller wants the last target and only
the offset. But it turns out that there are cases with fragments where
the final nexthdr is something like IPPROTO_UDP.
This would lead the caller to believe the offset was valid.
Before the "fragoff" days, any fragment would cause a negative return value.
So return -ENOENT when fragoff is 0 and the offset can't be set.

Change-Id: Ib474e8a4267dd2b300feca325811330329684a88
Signed-off-by: JP Abgrall <jpa@google.com>
---
:100644 100644 94874b0... eda6703... M	net/ipv6/netfilter/ip6_tables.c
 net/ipv6/netfilter/ip6_tables.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 94874b0..eda6703 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -2300,7 +2300,7 @@ static void __exit ip6_tables_fini(void)
  * Note that non-1st fragment is special case that "the protocol number
  * of last header" is "next header" field in Fragment header. In this case,
  * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
- * isn't NULL.
+ * isn't NULL. And if fragoff is NULL, function returns -1.
  *
  */
 int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
@@ -2344,6 +2344,8 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
 				     hp->nexthdr == NEXTHDR_NONE)) {
 					if (fragoff)
 						*fragoff = _frag_off;
+					else
+						return -ENOENT;
 					return hp->nexthdr;
 				}
 				return -ENOENT;
-- 
1.7.3.1