On Sat, Dec 1, 2018 at 12:38 PM Cong Wang <xiyou.wangc...@gmail.com> wrote: > > is_last_ethertype_ip() is used to check IP/IPv6 protocol before > parsing IP/IPv6 headers. > > But __vlan_get_protocol() is only bound to skb->len, a malicious > packet could exhaust all skb->len by inserting sufficient ETH_P_8021AD > headers, and it may not even contain an IP/IPv6 header at all, so we > have to check if we are still safe to continue to parse IP/IPv6 header. > If not, treat it as non-IP packet. > > This should not cause any crash as we stil have tail room in skb, > but we can't just rely on it either. > > Cc: Tariq Toukan <tar...@mellanox.com> > Cc: Saeed Mahameed <sae...@mellanox.com> > Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com>
NAcked-by: Cong Wang <xiyou.wangc...@gmail.com> This patch has no value for upstream. Let's discard it. Thanks!
