From patchwork Mon Apr 2 03:10:50 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Changli Gao X-Patchwork-Id: 150053 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id CFB68B6EEF for ; Mon, 2 Apr 2012 13:13:33 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754153Ab2DBDNb (ORCPT ); Sun, 1 Apr 2012 23:13:31 -0400 Received: from mail-iy0-f174.google.com ([209.85.210.174]:36853 "EHLO mail-iy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754053Ab2DBDNb (ORCPT ); Sun, 1 Apr 2012 23:13:31 -0400 Received: by iagz16 with SMTP id z16so3543598iag.19 for ; Sun, 01 Apr 2012 20:13:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:x-mailer; bh=NBBtuj8wiZ1RhPc4tDdkxFOqFx9tpjwPQ11GcBRQz9U=; b=waYVO67P5I2ltAksGnewZZhWwYPKLeA+jp8lyDHR+FLjqr7idg738b+g3hjOXOYZHE JulN2mpju1RKCDXQEpm9VRmjVwWoghjZCsSpiKtquPQb1C1YSQBFI29ml+aot70+DAAo kwj8UkikE/VxzjgK7wTx18oedoEyaZyU9EE/fA3pTxc3c+9EtCc4IdKenVVQNRSFr1wH kJcXEbB2+Tl3kTgYuFYs7jPOQeWEShsAn8t0zS7LC2gd/RgC2J8sETQEE80KreEC5xU/ y+Osf+yJMir2HjDBMva6lGW90X0SotQJmegHbFNUGgW8sQpSZBt+jclB/3aSUGhoBCVb w+Jg== Received: by 10.50.179.40 with SMTP id dd8mr4353547igc.29.1333336410655; Sun, 01 Apr 2012 20:13:30 -0700 (PDT) Received: from localhost.localdomain ([221.238.69.42]) by mx.google.com with ESMTPS id gs4sm10826132igc.8.2012.04.01.20.13.25 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 01 Apr 2012 20:13:29 -0700 (PDT) From: Changli Gao To: "David S. Miller" Cc: Patrick McHardy , Pablo Neira Ayuso , Eric Dumazet , netfilter-devel@vger.kernel.org, netdev@vger.kernel.org, Changli Gao Subject: [PATCH] net: check the length of the data before dereferencing it Date: Mon, 2 Apr 2012 11:10:50 +0800 Message-Id: <1333336250-4110-1-git-send-email-xiaosuo@gmail.com> X-Mailer: git-send-email 1.7.4.1 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org We should check the length of the data before dereferencing it when parsing the TCP options. Signed-off-by: Changli Gao Acked-by: Eric Dumazet --- net/ipv4/tcp_input.c | 2 ++ 1 file changed, 2 insertions(+) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index e886e2f..5099f08 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -3845,6 +3845,8 @@ void tcp_parse_options(const struct sk_buff *skb, struct tcp_options_received *o length--; continue; default: + if (length < 2) + return; opsize = *ptr++; if (opsize < 2) /* "silly options" */ return;