Patchwork bridge: Pull ip header into skb->data before looking into ip header.

login
register
mail settings
Submitter Sarveshwar Bandi
Date Oct. 10, 2012, 11:15 a.m.
Message ID <6f6f2599-15e5-49a7-973c-d2c36483427d@CMEXHTCAS1.ad.emulex.com>
Download mbox | patch
Permalink /patch/190613/
State Accepted
Delegated to: David Miller
Headers show

Comments

Sarveshwar Bandi - Oct. 10, 2012, 11:15 a.m.
From: Sarveshwar Bandi <sarveshwar.bandi@emulex.com>

If lower layer driver leaves the ip header in the skb fragment, it needs to
be first pulled into skb->data before inspecting ip header length or ip version
number.

Signed-off-by: Sarveshwar Bandi <sarveshwar.bandi@emulex.com>
---
 net/bridge/br_netfilter.c |    3 +++
 1 file changed, 3 insertions(+)
David Miller - Oct. 11, 2012, 2:53 a.m.
From: <sarveshwar.bandi@emulex.com>
Date: Wed, 10 Oct 2012 16:45:01 +0530

> From: Sarveshwar Bandi <sarveshwar.bandi@emulex.com>
> 
> If lower layer driver leaves the ip header in the skb fragment, it needs to
> be first pulled into skb->data before inspecting ip header length or ip version
> number.
> 
> Signed-off-by: Sarveshwar Bandi <sarveshwar.bandi@emulex.com>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 68e8f36..fe43bc7 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -265,6 +265,9 @@  static int br_parse_ip_options(struct sk_buff *skb)
 	struct net_device *dev = skb->dev;
 	u32 len;
 
+	if (!pskb_may_pull(skb, sizeof(struct iphdr)))
+		goto inhdr_error;
+
 	iph = ip_hdr(skb);
 	opt = &(IPCB(skb)->opt);