From patchwork Thu Apr 19 22:14:43 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Aring <aring@mojatatu.com>
X-Patchwork-Id: 901540
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=mojatatu.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=mojatatu-com.20150623.gappssmtp.com
	header.i=@mojatatu-com.20150623.gappssmtp.com
	header.b="NNJNU1tv"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 40Rtb84mqXz9s1t
	for <patchwork-incoming-netdev@ozlabs.org>;
	Fri, 20 Apr 2018 08:15:16 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753779AbeDSWPO (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Thu, 19 Apr 2018 18:15:14 -0400
Received: from mail-io0-f195.google.com ([209.85.223.195]:32905 "EHLO
	mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753527AbeDSWPM (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 19 Apr 2018 18:15:12 -0400
Received: by mail-io0-f195.google.com with SMTP id s25-v6so2415606ioa.0
	for <netdev@vger.kernel.org>; Thu, 19 Apr 2018 15:15:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=mojatatu-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=ZC3fcZ+RpFyuXMDZj8NpR1HzBPSwIX4X3cK/ojdO6j0=;
	b=NNJNU1tvtiTigeubf+5YJZDkFTGPzYpT4/oJV2FLlxx5kjHFRDzBFQ9Fuv1XUd3zOn
	xII88yu1wn4k0YqUocfrtEH7chi5GYVyl2reeZhjdVkEWmdt7vduIY53Bc4G03KBzEL5
	9GV5d+t+9Q42YAXYLlIQ9mdzd2mTKaytz684VqzqmzSwGrBdCEuynaFwZlwZ5gKAG7ZH
	JaEcwOqu7wAAQHQFTiFBr4kC9zvHcO2PKRZPpkG8DF4UU6ZUPkG9PTHMIzssOKo5mDwi
	y7wuaCK81//yj9+j0tZbYaoAARVf68l8gum5S1hWQxDmzMC7Ltgc7ks3Mui1jf8C6SiX
	4uNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=ZC3fcZ+RpFyuXMDZj8NpR1HzBPSwIX4X3cK/ojdO6j0=;
	b=Hj2t2/i5FMVeh6+ysHdOE/T5tQ7BBY0WcbXgfaGJG2safOpFuH2rHJULi2NB//6aVO
	qM2/eDzNExTb1dRq/INKKpsJLUQupdEpyYOnv8CFXHIxgboojh/62pCWvUgH5Ktp0tiP
	AW8qvdoWw7G7hE8vcLvYBG6llaT4jj9lKPmJWEnycHldwWWLoACjFsgIndd+LSbOl+Mm
	X33WeoxjeVpajIWNXrm2EyRBs76FxSAKdyo3RHVZPxHGLEg0xnJITzbhE0rVKELHQCGm
	ysdW5+nJXLUBlVCoNTlZc4qNKazGLlNRBjsAtIqGLRjsv4yU0MWL9jVbNtyb3whoAjap
	6fww==
X-Gm-Message-State: ALQs6tC/+pZbIyNtO18AIDblMNY55zTuVcNNw9/3v44SLzK5grAs3XMj
	eLFEAVuaw2Dxv4ZGNiTn+uCO2A==
X-Google-Smtp-Source: 
 AB8JxZowRIhrRfugouqwb0ioo8dJGOzNp/78Wubn+nwiNDbabNNeZhNJ0uuOY+PHzVsqZapYnRnZoA==
X-Received: by 2002:a6b:c9d8:: with SMTP id
	z207-v6mr8431033iof.266.1524176111614;
	Thu, 19 Apr 2018 15:15:11 -0700 (PDT)
Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id
	z5-v6sm2287198ioe.58.2018.04.19.15.15.10
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 19 Apr 2018 15:15:11 -0700 (PDT)
From: Alexander Aring <aring@mojatatu.com>
To: yotam.gi@gmail.com
Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com,
	jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org,
	kernel@mojatatu.com, Alexander Aring <aring@mojatatu.com>
Subject: [PATCHv3 net 1/3] net: sched: ife: signal not finding metaid
Date: Thu, 19 Apr 2018 18:14:43 -0400
Message-Id: <20180419221445.26205-2-aring@mojatatu.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180419221445.26205-1-aring@mojatatu.com>
References: <20180419221445.26205-1-aring@mojatatu.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

We need to record stats for received metadata that we dont know how
to process. Have find_decode_metaid() return -ENOENT to capture this.

Signed-off-by: Alexander Aring <aring@mojatatu.com>
Reviewed-by: Yotam Gigi <yotam.gi@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 net/sched/act_ife.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c
index a5994cf0512b..49b8ab551fbe 100644
--- a/net/sched/act_ife.c
+++ b/net/sched/act_ife.c
@@ -652,7 +652,7 @@ static int find_decode_metaid(struct sk_buff *skb, struct tcf_ife_info *ife,
 		}
 	}
 
-	return 0;
+	return -ENOENT;
 }
 
 static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a,

From patchwork Thu Apr 19 22:14:44 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Aring <aring@mojatatu.com>
X-Patchwork-Id: 901541
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=mojatatu.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=mojatatu-com.20150623.gappssmtp.com
	header.i=@mojatatu-com.20150623.gappssmtp.com
	header.b="eE6QCAPW"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 40Rtb936sSz9s3F
	for <patchwork-incoming-netdev@ozlabs.org>;
	Fri, 20 Apr 2018 08:15:17 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753531AbeDSWPP (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Thu, 19 Apr 2018 18:15:15 -0400
Received: from mail-io0-f194.google.com ([209.85.223.194]:45684 "EHLO
	mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753750AbeDSWPN (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 19 Apr 2018 18:15:13 -0400
Received: by mail-io0-f194.google.com with SMTP id a7-v6so8391052ioc.12
	for <netdev@vger.kernel.org>; Thu, 19 Apr 2018 15:15:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=mojatatu-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=fQ+c5CThU/W/+XvIOAE9hvPo7oD5mP2q37ly5R4/DAI=;
	b=eE6QCAPWZfnM6PjsoY3Mqkt2nPYpCPkjEZgtNppfbbQDCafwthVqLK7laYVAmh34C0
	rTNRjfFX91kKCDdFFibbG00C5NZS+Fcb5bfjpeeoeuEBiv6Yp9ARuB9SL6rGjlK1xtxQ
	Ya1gbl5cqubbc+S4aPKD2U0a5dcbT6zeF5UdTU86VAwDmObj8PVXRD1bqLMaFQFJio17
	4sa4zAlWrAaQo9kIyZAZP2cEJqlALFVakU/BdE78PKKSVQWTwoQ673ud/p8lVP3tZsqw
	REhgbaQWSdIJMwj27ZwAxU/i3dlpskFTJGhyd27Z1R4SKPgRn8nb1AIw4xA/1Vsuw8rQ
	f1Ew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=fQ+c5CThU/W/+XvIOAE9hvPo7oD5mP2q37ly5R4/DAI=;
	b=nBC9B6Pg3GjWVPYRWf0P3KDTpQGB5kQtiu8j/1CEJWoxEtoORgGcdGXQURpBHpTcHx
	smHp4Uvmx+X6uU4Ls6N6ErGacRGCVfqkCYYFd46KSVyNoPyBtAC+S0Shbz2YFcwUJty7
	GlJDJ8focsklVOm0EgSMJ2qHYpm6u+YS/xzXnPpy2MnnsWSOaI0okoLcvt6zHqHqAxna
	DlBJX1P5AajgwZshu9tv6/f1gfrTlWWYRMTok2ivEX0Zv7gJNl1p/WlEXWcOwBll4JgC
	859Ob0XAG/FmwO6Nv872RJ1wD9urX7mGdE++WBZUShQWbDtfXsydze5afM578B3eXIZc
	o1tA==
X-Gm-Message-State: ALQs6tA8t+8wlkfRb5c5NZuC+Ze3dAXYcUtVkGPVaPbPF6MVqdqPq23A
	TNHgdJBJrwKePBOwJfIN+LjNIA==
X-Google-Smtp-Source: 
 AIpwx49UZHg4edDeNYspM5ZANJCl2GaJ2fCqGP/NC6Llv3S/E0we8enqU1aBslyjULzaz/EEkARSzg==
X-Received: by 2002:a6b:aae0:: with SMTP id
	g93-v6mr8123663ioj.202.1524176112837;
	Thu, 19 Apr 2018 15:15:12 -0700 (PDT)
Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id
	z5-v6sm2287198ioe.58.2018.04.19.15.15.11
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 19 Apr 2018 15:15:12 -0700 (PDT)
From: Alexander Aring <aring@mojatatu.com>
To: yotam.gi@gmail.com
Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com,
	jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org,
	kernel@mojatatu.com, Alexander Aring <aring@mojatatu.com>
Subject: [PATCHv3 net 2/3] net: sched: ife: handle malformed tlv length
Date: Thu, 19 Apr 2018 18:14:44 -0400
Message-Id: <20180419221445.26205-3-aring@mojatatu.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180419221445.26205-1-aring@mojatatu.com>
References: <20180419221445.26205-1-aring@mojatatu.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

There is currently no handling to check on a invalid tlv length. This
patch adds such handling to avoid killing the kernel with a malformed
ife packet.

Signed-off-by: Alexander Aring <aring@mojatatu.com>
Reviewed-by: Yotam Gigi <yotam.gi@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 include/net/ife.h   |  3 ++-
 net/ife/ife.c       | 35 +++++++++++++++++++++++++++++++++--
 net/sched/act_ife.c |  7 ++++++-
 3 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/include/net/ife.h b/include/net/ife.h
index 44b9c00f7223..e117617e3c34 100644
--- a/include/net/ife.h
+++ b/include/net/ife.h
@@ -12,7 +12,8 @@
 void *ife_encode(struct sk_buff *skb, u16 metalen);
 void *ife_decode(struct sk_buff *skb, u16 *metalen);
 
-void *ife_tlv_meta_decode(void *skbdata, u16 *attrtype, u16 *dlen, u16 *totlen);
+void *ife_tlv_meta_decode(void *skbdata, const void *ifehdr_end, u16 *attrtype,
+			  u16 *dlen, u16 *totlen);
 int ife_tlv_meta_encode(void *skbdata, u16 attrtype, u16 dlen,
 			const void *dval);
 
diff --git a/net/ife/ife.c b/net/ife/ife.c
index 7d1ec76e7f43..7fbe70a0af4b 100644
--- a/net/ife/ife.c
+++ b/net/ife/ife.c
@@ -92,12 +92,43 @@ struct meta_tlvhdr {
 	__be16 len;
 };
 
+static bool __ife_tlv_meta_valid(const unsigned char *skbdata,
+				 const unsigned char *ifehdr_end)
+{
+	const struct meta_tlvhdr *tlv;
+	u16 tlvlen;
+
+	if (unlikely(skbdata + sizeof(*tlv) > ifehdr_end))
+		return false;
+
+	tlv = (const struct meta_tlvhdr *)skbdata;
+	tlvlen = ntohs(tlv->len);
+
+	/* tlv length field is inc header, check on minimum */
+	if (tlvlen < NLA_HDRLEN)
+		return false;
+
+	/* overflow by NLA_ALIGN check */
+	if (NLA_ALIGN(tlvlen) < tlvlen)
+		return false;
+
+	if (unlikely(skbdata + NLA_ALIGN(tlvlen) > ifehdr_end))
+		return false;
+
+	return true;
+}
+
 /* Caller takes care of presenting data in network order
  */
-void *ife_tlv_meta_decode(void *skbdata, u16 *attrtype, u16 *dlen, u16 *totlen)
+void *ife_tlv_meta_decode(void *skbdata, const void *ifehdr_end, u16 *attrtype,
+			  u16 *dlen, u16 *totlen)
 {
-	struct meta_tlvhdr *tlv = (struct meta_tlvhdr *) skbdata;
+	struct meta_tlvhdr *tlv;
+
+	if (!__ife_tlv_meta_valid(skbdata, ifehdr_end))
+		return NULL;
 
+	tlv = (struct meta_tlvhdr *)skbdata;
 	*dlen = ntohs(tlv->len) - NLA_HDRLEN;
 	*attrtype = ntohs(tlv->type);
 
diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c
index 49b8ab551fbe..8527cfdc446d 100644
--- a/net/sched/act_ife.c
+++ b/net/sched/act_ife.c
@@ -682,7 +682,12 @@ static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a,
 		u16 mtype;
 		u16 dlen;
 
-		curr_data = ife_tlv_meta_decode(tlv_data, &mtype, &dlen, NULL);
+		curr_data = ife_tlv_meta_decode(tlv_data, ifehdr_end, &mtype,
+						&dlen, NULL);
+		if (!curr_data) {
+			qstats_drop_inc(this_cpu_ptr(ife->common.cpu_qstats));
+			return TC_ACT_SHOT;
+		}
 
 		if (find_decode_metaid(skb, ife, mtype, dlen, curr_data)) {
 			/* abuse overlimits to count when we receive metadata

From patchwork Thu Apr 19 22:14:45 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexander Aring <aring@mojatatu.com>
X-Patchwork-Id: 901542
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none)
	header.from=mojatatu.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=mojatatu-com.20150623.gappssmtp.com
	header.i=@mojatatu-com.20150623.gappssmtp.com
	header.b="ogz70xat"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 40RtbF6bpwz9s1t
	for <patchwork-incoming-netdev@ozlabs.org>;
	Fri, 20 Apr 2018 08:15:21 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753783AbeDSWPU (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Thu, 19 Apr 2018 18:15:20 -0400
Received: from mail-io0-f196.google.com ([209.85.223.196]:42989 "EHLO
	mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753527AbeDSWPP (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 19 Apr 2018 18:15:15 -0400
Received: by mail-io0-f196.google.com with SMTP id l2-v6so6946515iog.9
	for <netdev@vger.kernel.org>; Thu, 19 Apr 2018 15:15:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=mojatatu-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=LyOj+km60RHiTzfLcIMQsBpbhuacM3tgN3gT9JduhY0=;
	b=ogz70xatdQZobwqsw2/eyHoFWEx6qKt5uK1hxveoaKOoAHnPG6aU0KuQr8OL8V+g9B
	K0ZSxvOUEtLSEeuzt6u3wECY0ZQ4XpNknoPRv5kejjPDb+1Ad+5Pt0FUsOslKDhEaUBM
	VyMuCVKRgXg0JraQgadUZ/pCM22QvaLIFQsQ++5iGqpE+prrTos4MMu/5yvaCAzqAaUw
	aG2fxU2e+vcWPOz8K3tYuheppG59VUwZ70PJLQQDLlfpK84y4C6LupDh1XtwWJzrg8ad
	gHCzkFvJb4RphxWhcIhPPpWgWUZrss/LSm8e5Kcn22mPlZ2Mu4NWJM5iJ8P/DiV5ybC6
	wcxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=LyOj+km60RHiTzfLcIMQsBpbhuacM3tgN3gT9JduhY0=;
	b=WBcACEHkI8qglLZ8S3D7TeBZ+4mRSrL9ZCAJP3dgfEgm2lBU8WAK1jFGQieE/0B7C+
	395zmTCs/oTT46i2eVIMrs3qfRwBLlDaF7ytBWJxItp2P6/pznWtMiKaCtIvqEQdHLgs
	30uDhs5fWYD7YwKigtkvtbHZMSt6rx7XlSTH802CefSCuC/IbdtW6Dhwa/2y/nFIwsAr
	Q3OVfDnQzWB3dz3v/Q5FW2IxPCfnqJNk3DB0Fg4DN2h2F4K/bbROM9xfln24KBfGtTzc
	EuYkGEjNBEJtCFylxnW4cWwe/+0RQU6vONYJIMOFd0rlDSbZV/rJy52HqBXynz1CKdD/
	WAtA==
X-Gm-Message-State: ALQs6tBPwSkGMK8OmVnUx7RQveIr7fz0wRcAXeJBNX6A3vuCbgY/+EWS
	PhoFpE6HvVGNtjIFVUBE4Xe+DQ==
X-Google-Smtp-Source: 
 AB8JxZrs2/PwfAX7NldocU7ktD+dbUzQw6oJlCIFh+4xSq6/C6N4ePMYNZHqjTILbefuStIHaVEpXQ==
X-Received: by 2002:a6b:e80f:: with SMTP id
	f15-v6mr5790963ioh.146.1524176114170;
	Thu, 19 Apr 2018 15:15:14 -0700 (PDT)
Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id
	z5-v6sm2287198ioe.58.2018.04.19.15.15.12
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 19 Apr 2018 15:15:13 -0700 (PDT)
From: Alexander Aring <aring@mojatatu.com>
To: yotam.gi@gmail.com
Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com,
	jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org,
	kernel@mojatatu.com, Alexander Aring <aring@mojatatu.com>
Subject: [PATCHv3 net 3/3] net: sched: ife: check on metadata length
Date: Thu, 19 Apr 2018 18:14:45 -0400
Message-Id: <20180419221445.26205-4-aring@mojatatu.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20180419221445.26205-1-aring@mojatatu.com>
References: <20180419221445.26205-1-aring@mojatatu.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

This patch checks if sk buffer is available to dererence ife header. If
not then NULL will returned to signal an malformed ife packet. This
avoids to crashing the kernel from outside.

Signed-off-by: Alexander Aring <aring@mojatatu.com>
Reviewed-by: Yotam Gigi <yotam.gi@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
---
 net/ife/ife.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ife/ife.c b/net/ife/ife.c
index 7fbe70a0af4b..570a18d4ca32 100644
--- a/net/ife/ife.c
+++ b/net/ife/ife.c
@@ -70,6 +70,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen)
 	u16 ifehdrln;
 
 	ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len);
+	if (!pskb_may_pull(skb, skb->dev->hard_header_len + IFE_METAHDRLEN))
+		return NULL;
+
 	ifehdrln = ntohs(ifehdr->metalen);
 	total_pull = skb->dev->hard_header_len + ifehdrln;