TCP Option 0 should participate in bitmask too

aabc · aabc · commit faf869ce600f · 2023-01-18T08:59:59.000+03:00
Fixes: a1386af ("tcp options: fix possible shift-out-of-bounds") Signed-off-by: ABC <abc@openwall.com>
diff --git a/ipt_NETFLOW.c b/ipt_NETFLOW.c
@@ -4852,12 +4852,10 @@ static inline __u32 tcp_options(const struct sk_buff *skb, const unsigned int pt
 	for (i = 0; likely(i < optsize); ) {
 		u_int8_t opt = p[i++];
 
+		if (likely(opt < 32))
+			ret |= 1 << (31 - opt);
 		if (likely(opt == 0) || unlikely(p[i] < 2))
 			break;
-		if (likely(opt < 32)) {
-			/* IANA doc is messed up, see above. */
-			ret |= 1 << (31 - opt);
-		}
 		if (unlikely(opt == 1))
 			continue;
 		else
