[PATCH net 3/3] net: sched: ife: check on metadata length

2018-04-18 Thread Alexander Aring
This patch checks if sk buffer is available to dereference ife header. If
not then NULL will be returned to signal a malformed ife packet. This
avoids crashing the kernel from outside.

Signed-off-by: Alexander Aring 
---
 net/ife/ife.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ife/ife.c b/net/ife/ife.c
index 8632d2685efb..7c100034fbee 100644
--- a/net/ife/ife.c
+++ b/net/ife/ife.c
@@ -70,6 +70,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen)
u16 ifehdrln;
 
ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len);
+   if (skb->len < skb->dev->hard_header_len + IFE_METAHDRLEN)
+   return NULL;
+
ifehdrln = ntohs(ifehdr->metalen);
total_pull = skb->dev->hard_header_len + ifehdrln;
 
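Review bot: The added test compares against skb->len, which also counts paged (non-linear) data, while the following line reads ifehdr->metalen through skb->data, so a packet whose IFE header lies in a fragment passes the test and the read still lands outside the linear buffer. Suggest `if (!pskb_may_pull(skb, skb->dev->hard_header_len + IFE_METAHDRLEN)) return NULL;` instead, with the ifehdr assignment moved below it, since pskb_may_pull() can reallocate skb->data.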
-- 
2.11.0



Re: [PATCH net 3/3] net: sched: ife: check on metadata length

2018-04-18 Thread yotam gigi
On Thu, Apr 19, 2018 at 12:35 AM, Alexander Aring  wrote:
> This patch checks if sk buffer is available to dereference ife header. If
> not then NULL will be returned to signal a malformed ife packet. This
> avoids crashing the kernel from outside.
>
> Signed-off-by: Alexander Aring 

Reviewed-by: Yotam Gigi 

> ---
>  net/ife/ife.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/net/ife/ife.c b/net/ife/ife.c
> index 8632d2685efb..7c100034fbee 100644
> --- a/net/ife/ife.c
> +++ b/net/ife/ife.c
> @@ -70,6 +70,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen)
> u16 ifehdrln;
>
> ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len);
> +   if (skb->len < skb->dev->hard_header_len + IFE_METAHDRLEN)
> +   return NULL;
> +
> ifehdrln = ntohs(ifehdr->metalen);
> total_pull = skb->dev->hard_header_len + ifehdrln;
>
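Review bot: The bound in the added test, skb->dev->hard_header_len + IFE_METAHDRLEN, covers only the fixed IFE header, while the subject line says "check on metadata length" and total_pull two lines further down still depends on the packet-supplied ifehdrln. A one-line comment above the test stating that it guards the ifehdr->metalen read, and a subject that names the header rather than the metadata, would make it clear to later readers that this check does not bound ifehdrln.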
> --
> 2.11.0
>


Re: [PATCH net 3/3] net: sched: ife: check on metadata length

2018-04-19 Thread Jamal Hadi Salim

On 19/04/18 01:37 AM, yotam gigi wrote:
> On Thu, Apr 19, 2018 at 12:35 AM, Alexander Aring wrote:
> > This patch checks if sk buffer is available to dereference ife header. If
> > not then NULL will be returned to signal a malformed ife packet. This
> > avoids crashing the kernel from outside.
> >
> > Signed-off-by: Alexander Aring
>
> Reviewed-by: Yotam Gigi



Acked-by: Jamal Hadi Salim 

cheers,
jamal