@@ -391,6 +391,8 @@ struct ip_hdr {
#define IP_HDR_SIZE (sizeof(struct ip_hdr))
+#define IP_MIN_FRAG_DATAGRAM_SIZE 28
+
/*
* Internet Protocol (IP) + UDP header.
*/
@@ -907,6 +907,9 @@ static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp)
int offset8, start, len, done = 0;
u16 ip_off = ntohs(ip->ip_off);
+ if (ip->ip_len < IP_MIN_FRAG_DATAGRAM_SIZE)
+ return NULL;
+
/* payload starts after IP header, this fragment is in there */
payload = (struct hole *)(pkt_buff + IP_HDR_SIZE);
offset8 = (ip_off & IP_OFFS);