[net,3/3] net: sched: ife: check on metadata length

Message ID 20180418213534.6215-4-aring@mojatatu.com
State Changes Requested, archived
Delegated to: David Miller
Series net: sched: ife: malformed ife packet fixes

Commit Message

Alexander Aring April 18, 2018, 9:35 p.m. UTC
This patch checks if sk buffer is available to dereference ife header. If
not then NULL will be returned to signal a malformed ife packet. This
avoids crashing the kernel from outside.

Signed-off-by: Alexander Aring <aring@mojatatu.com>
---
 net/ife/ife.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

yotam gigi April 19, 2018, 5:37 a.m. UTC | #1
On Thu, Apr 19, 2018 at 12:35 AM, Alexander Aring <aring@mojatatu.com> wrote:
> This patch checks if sk buffer is available to dereference ife header. If
> not then NULL will be returned to signal a malformed ife packet. This
> avoids crashing the kernel from outside.
>
> Signed-off-by: Alexander Aring <aring@mojatatu.com>

Reviewed-by: Yotam Gigi <yotam.gi@gmail.com>

> ---
>  net/ife/ife.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/net/ife/ife.c b/net/ife/ife.c
> index 8632d2685efb..7c100034fbee 100644
> --- a/net/ife/ife.c
> +++ b/net/ife/ife.c
> @@ -70,6 +70,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen)
>         u16 ifehdrln;
>
>         ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len);
> +       if (skb->len < skb->dev->hard_header_len + IFE_METAHDRLEN)
> +               return NULL;
> +
>         ifehdrln = ntohs(ifehdr->metalen);
>         total_pull = skb->dev->hard_header_len + ifehdrln;
>
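Review bot: the added test `if (skb->len < skb->dev->hard_header_len + IFE_METAHDRLEN)` compares against skb->len, which also counts bytes held in page fragments, while the very next line reads `ifehdr->metalen` through skb->data. For a non-linear skb the length test can pass even though the header bytes are not in the linear area, so the dereference is still not guaranteed safe. Suggest replacing it with `if (!pskb_may_pull(skb, skb->dev->hard_header_len + IFE_METAHDRLEN)) return NULL;` and moving the ifehdr assignment below that call, since pskb_may_pull can reallocate skb->data and leave a pointer computed earlier stale.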
> --
> 2.11.0
>
Jamal Hadi Salim April 19, 2018, 12:10 p.m. UTC | #2
On 19/04/18 01:37 AM, yotam gigi wrote:
> On Thu, Apr 19, 2018 at 12:35 AM, Alexander Aring <aring@mojatatu.com> wrote:
>> This patch checks if sk buffer is available to dereference ife header. If
>> not then NULL will be returned to signal a malformed ife packet. This
>> avoids crashing the kernel from outside.
>>
>> Signed-off-by: Alexander Aring <aring@mojatatu.com>
> 
> Reviewed-by: Yotam Gigi <yotam.gi@gmail.com>
>

Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>

cheers,
jamal
Patch

diff --git a/net/ife/ife.c b/net/ife/ife.c
index 8632d2685efb..7c100034fbee 100644
--- a/net/ife/ife.c
+++ b/net/ife/ife.c
@@ -70,6 +70,9 @@  void *ife_decode(struct sk_buff *skb, u16 *metalen)
 	u16 ifehdrln;
 
 	ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len);
+	if (skb->len < skb->dev->hard_header_len + IFE_METAHDRLEN)
+		return NULL;
+
 	ifehdrln = ntohs(ifehdr->metalen);
 	total_pull = skb->dev->hard_header_len + ifehdrln;
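Review bot: the added check only guarantees room for the fixed IFE_METAHDRLEN header, while the `metalen` value read on the following line comes from the packet and goes straight into `total_pull = skb->dev->hard_header_len + ifehdrln;`. Nothing in the lines shown here bounds ifehdrln, so please confirm that the code after this hunk rejects a value smaller than IFE_METAHDRLEN or larger than what the skb actually holds before anything is pulled, and returns NULL in those cases too. If it does not, that check belongs in this patch, because the commit message promises handling of malformed ife packets in general.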