--- zzzz-none-000/linux-2.6.32.61/net/ipv6/netfilter/nf_conntrack_reasm.c 2013-06-10 09:43:48.000000000 +0000
+++ ar10-7272-687/linux-2.6.32.61/net/ipv6/netfilter/nf_conntrack_reasm.c 2013-10-23 10:37:18.000000000 +0000
@@ -600,6 +600,18 @@
 hdr = ipv6_hdr(clone);
 fhdr = (struct frag_hdr *)skb_transport_header(clone);
+ if (!(fhdr->frag_off & htons(0xFFF9))) {
+ pr_debug("Invalid fragment offset\n");
+ /* It is not a fragmented frame */
+ goto ret_orig;
+ }
+
+ if (!(fhdr->frag_off & htons(0xFFF9))) {
+ pr_debug("Invalid fragment offset\n");
+ /* It is not a fragmented frame */
+ goto ret_orig;
+ }
+
+ if (atomic_read(&nf_init_frags.mem) > nf_init_frags.high_thresh)
 nf_ct_frag6_evictor();
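Review bot: The `if (!(fhdr->frag_off & htons(0xFFF9)))` block is added twice back to back, and since nothing between the two copies changes `fhdr->frag_off`, the second can never be taken; it looks like the same patch was applied twice, and the second copy should be dropped. The debug text also contradicts the comment beneath it: a header with offset 0 and the more-fragments bit clear is an unfragmented packet carrying a fragment header, not an invalid offset, so something like `pr_debug("fragment header without fragmentation\n");` would be less misleading when reading logs. If this tree's headers provide them, `htons(IP6_OFFSET | IP6_MF)` would make the mask self-explanatory in place of the bare `0xFFF9`. The enclosing function starts and ends outside the hunk, so whether `ret_orig` releases `clone` on this new early exit cannot be confirmed from here and is worth checking.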