| Message ID | 20190702120021.13096-1-nikolay@cumulusnetworks.com |
|---|---|
| Headers | show |
| Series | net: bridge: fix possible stale skb pointers | expand |
From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Date: Tue, 2 Jul 2019 15:00:17 +0300 > In the bridge driver we have a couple of places which call pskb_may_pull > but we've cached skb pointers before that and use them after which can > lead to out-of-bounds/stale pointer use. I've had these in my "to fix" > list for some time and now we got a report (patch 01) so here they are. > Patches 02-04 are fixes based on code inspection. Also patch 01 was > tested by Martin Weinelt, Martin if you don't mind please add your > tested-by tag to it by replying with Tested-by: name <email>. > I've also briefly tested the set by trying to exercise those code paths. Series applied, thanks.
Hi, In the bridge driver we have a couple of places which call pskb_may_pull but we've cached skb pointers before that and use them after which can lead to out-of-bounds/stale pointer use. I've had these in my "to fix" list for some time and now we got a report (patch 01) so here they are. Patches 02-04 are fixes based on code inspection. Also patch 01 was tested by Martin Weinelt, Martin if you don't mind please add your tested-by tag to it by replying with Tested-by: name <email>. I've also briefly tested the set by trying to exercise those code paths. Thanks, Nik Nikolay Aleksandrov (4): net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query net: bridge: don't cache ether dest pointer on input net: bridge: stp: don't cache eth dest pointer before skb pull net/bridge/br_input.c | 8 +++----- net/bridge/br_multicast.c | 23 +++++++++++++---------- net/bridge/br_stp_bpdu.c | 3 +-- 3 files changed, 17 insertions(+), 17 deletions(-)