[TCP]: Make sure write_queue_from does not begin with NULL ptr

[~andy/linux] / net / xfrm / xfrm_input.c

diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 113f44429982d26ad4ffce161187cceaf0115073..cb97fda1b6dfa196aedea7e091599cb944b61950 100644 (file)
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -49,13 +49,16 @@ EXPORT_SYMBOL(secpath_dup);
 int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
 {
        int offset, offset_seq;
+       int hlen;
 
        switch (nexthdr) {
        case IPPROTO_AH:
+               hlen = sizeof(struct ip_auth_hdr);
                offset = offsetof(struct ip_auth_hdr, spi);
                offset_seq = offsetof(struct ip_auth_hdr, seq_no);
                break;
        case IPPROTO_ESP:
+               hlen = sizeof(struct ip_esp_hdr);
                offset = offsetof(struct ip_esp_hdr, spi);
                offset_seq = offsetof(struct ip_esp_hdr, seq_no);
                break;
@@ -69,7 +72,7 @@ int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
                return 1;
        }
 
-       if (!pskb_may_pull(skb, 16))
+       if (!pskb_may_pull(skb, hlen))
                return -EINVAL;
 
        *spi = *(__be32*)(skb_transport_header(skb) + offset);