From patchwork Fri Jul 22 09:26:10 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: xeb@mail.ru X-Patchwork-Id: 106244 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 14153B6F6B for ; Fri, 22 Jul 2011 19:35:43 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753309Ab1GVJfg (ORCPT ); Fri, 22 Jul 2011 05:35:36 -0400 Received: from fallback8.mail.ru ([94.100.176.136]:60531 "EHLO fallback8.mail.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752922Ab1GVJff (ORCPT ); Fri, 22 Jul 2011 05:35:35 -0400 X-Greylist: delayed 563 seconds by postgrey-1.27 at vger.kernel.org; Fri, 22 Jul 2011 05:35:35 EDT Received: from smtp12.mail.ru (smtp12.mail.ru [94.100.176.89]) by fallback8.mail.ru (mPOP.Fallback_MX) with ESMTP id CDA4713C2873 for ; Fri, 22 Jul 2011 13:26:40 +0400 (MSD) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail; h=Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:Date:Subject:To:From; bh=SqyncPDjMqt5Tdsou147u2gKt/KO/J2DRWpWfhjtPMU=; b=i757FaDItmzEIssipv+pdu8lAs59F1mpEMnQUVMH45o/if0Ea5T6gmwmgwe2sLWff8s9dvzSfQsz7l0Ey7ol3RjT5kJJhBkMU4AZRYSr8qmk6Bh83F3g7OtwH9F1vGi7; Received: from [195.24.254.26] (port=59806 helo=dima.localnet) by smtp12.mail.ru with asmtp id 1QkBzn-0006Zb-00; Fri, 22 Jul 2011 13:26:11 +0400 From: Dmitry Kozlov Organization: =?koi8-r?b?+uHvIO738A==?= =?koi8-r?b?IPDSz9TFyw==?= To: davem@davemloft.net Subject: [PATCH net-2.6] gre: fix improper error handling Date: Fri, 22 Jul 2011 13:26:10 +0400 User-Agent: KMail/1.13.5 (Linux/2.6.35-gentoo-r5; KDE/4.4.5; x86_64; ; ) Cc: netdev@vger.kernel.org MIME-Version: 1.0 Message-Id: <201107221326.10597.xeb@mail.ru> X-Spam: Not detected X-Mras: Ok Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Fix improper protocol err_handler, current implementation is fully unapplicable and may cause kernel crash due to double kfree_skb. Signed-off-by: Dmitry Kozlov --- net/ipv4/gre.c | 23 +++++++---------------- 1 files changed, 7 insertions(+), 16 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/ipv4/gre.c b/net/ipv4/gre.c index c6933f2..a8126fe 100644 --- a/net/ipv4/gre.c +++ b/net/ipv4/gre.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -97,27 +98,17 @@ drop: static void gre_err(struct sk_buff *skb, u32 info) { const struct gre_protocol *proto; - u8 ver; - - if (!pskb_may_pull(skb, 12)) - goto drop; - - ver = skb->data[1]&0x7f; + const struct iphdr *iph = (const struct iphdr *)skb->data; + u8 ver = skb->data[(iph->ihl<<2) + 1]&0x7f; + if (ver >= GREPROTO_MAX) - goto drop; + return; rcu_read_lock(); proto = rcu_dereference(gre_proto[ver]); - if (!proto || !proto->err_handler) - goto drop_unlock; - proto->err_handler(skb, info); - rcu_read_unlock(); - return; - -drop_unlock: + if (proto && proto->err_handler) + proto->err_handler(skb, info); rcu_read_unlock(); -drop: - kfree_skb(skb); } static const struct net_protocol net_gre_protocol = {