netfilter: xt_HMARK: potential NULL dereference in get_inner_hdr()

There is a typo in the error checking and "&&" was used instead of "||".
If skb_header_pointer() returns NULL then it leads to a NULL
dereference.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c
index 32fbd735d02b32eb62a8ba388e87fea5fd35d48c..5817d03105b23a35de565c4d31433d6b5232f40a 100644 (file)
--- a/net/netfilter/xt_HMARK.c
+++ b/net/netfilter/xt_HMARK.c
@@ -223,7 +223,7 @@ static int get_inner_hdr(const struct sk_buff *skb, int iphsz, int *nhoff)
 
        /* Not enough header? */
        icmph = skb_header_pointer(skb, *nhoff + iphsz, sizeof(_ih), &_ih);
-       if (icmph == NULL && icmph->type > NR_ICMP_TYPES)
+       if (icmph == NULL || icmph->type > NR_ICMP_TYPES)
                return 0;
 
        /* Error message? */