| Message ID | 1564024076-13764-2-git-send-email-yanhaishuang@cmss.chinamobile.com |
|---|---|
| State | Accepted |
| Delegated to: | David Miller |
| Headers | show |
| Series | ipip: validate header length in ipip_tunnel_xmit | expand |
On Wed, Jul 24, 2019 at 11:09 PM Haishuang Yan <yanhaishuang@cmss.chinamobile.com> wrote: > > We need the same checks introduced by commit cb9f1b783850 > ("ip: validate header length on virtual device xmit") for > ipip tunnel. Fixes: cb9f1b783850b ("ip: validate header length on virtual device xmit") > Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> Good catch. reg_vif_xmit in net/ipv4/ipmr.c probably also needs it. All other ndo_start_xmit under net/ipv4 and net/ipv6 have this check as of the above commit.
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c index 43adfc1..2f01cf6 100644 --- a/net/ipv4/ipip.c +++ b/net/ipv4/ipip.c @@ -275,6 +275,9 @@ static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, const struct iphdr *tiph = &tunnel->parms.iph; u8 ipproto; + if (!pskb_inet_may_pull(skb)) + goto tx_error; + switch (skb->protocol) { case htons(ETH_P_IP): ipproto = IPPROTO_IPIP;
We need the same checks introduced by commit cb9f1b783850 ("ip: validate header length on virtual device xmit") for ipip tunnel. Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com> --- net/ipv4/ipip.c | 3 +++ 1 file changed, 3 insertions(+)