From patchwork Fri Apr 20 19:15:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Aring X-Patchwork-Id: 902144 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mojatatu.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=mojatatu-com.20150623.gappssmtp.com header.i=@mojatatu-com.20150623.gappssmtp.com header.b="JbuwLfl0"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40SQZF1JCXz9s1w for ; Sat, 21 Apr 2018 05:16:21 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752629AbeDTTQT (ORCPT ); Fri, 20 Apr 2018 15:16:19 -0400 Received: from mail-io0-f194.google.com ([209.85.223.194]:36209 "EHLO mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752159AbeDTTQI (ORCPT ); Fri, 20 Apr 2018 15:16:08 -0400 Received: by mail-io0-f194.google.com with SMTP id c26-v6so11732674iob.3 for ; Fri, 20 Apr 2018 12:16:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mojatatu-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4lMWGMMomKYweymg8NoZWUlZnT6SjyB5A/jYV1nwoFU=; b=JbuwLfl0DJ3DguMog3QHsvClTbYU9Bk1JA22/iZqyahCmHZWoTTavk3ahNIXbKu6sd uccRlrY1pswZum+Gsn1ovJMutzAW1NCUKPCA51xG1yBriU6yyHkGFV7S8/CWUTRIadz+ vBWLY+h2/n8i5/EQ38bkVjPAdcLiCyGTRmCTRgpK/6zjBaHYgL9c63INjJW+6llpT0LJ ArsIm5BEnPA4dNKbrrJPdmjgaU645WOcsZYO03K6GuJQv7M3peUFb1dGx75x4iBPMFEI a1s2IFPs1x7olv+dQSd/SMzg2lchHBFsgf2S025vAOt6r+1SzHU2M1h0gNzs8plR248e 0g4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4lMWGMMomKYweymg8NoZWUlZnT6SjyB5A/jYV1nwoFU=; b=OxlWTTl9nrEdBy5ZMGU26Acp7iVTmb8ha2VgTglSbQOL1AcxeffcZY+UvUBAeVv/5r iBUDPCimPCVql7y9Y5XAbQvlEiR/2GLXTD+WxRVtihmYhi5ERcAs7GB4q0m0J8MZf7q8 LOUHeZfALgU/A9guMFr+sCXV87I9AbUkQzlV5RKZjWuYlYX/3LlOYyuiBXnXl8HhDmSs d/Qw3pQkDkR7QVQ3eOd34EsE3ENj7yYXsIKilIb2NGbLhHV/4pe2f1MGFfMtZzQ+Ekmh BCaTbQe9M8e6giCaRolghCegoSBQfg2VDSwW9XL0OQ5WisYOeILc0NtMJeXPHnBmAl3G Gy/g== X-Gm-Message-State: ALQs6tAnzGULUKmAPgm2nuHHCrWxbrfjLyymUzBI0s2yeQiwvr868LJL b8JxbDv/oxrJR+pMhAjdonigRA== X-Google-Smtp-Source: AB8JxZpPSdccR58xga/8mIQTLTRcc5blbP1r5QwgazqJRUweARzZjAmFVyf6Lzfhu6Aj49JO15lB3w== X-Received: by 2002:a6b:9809:: with SMTP id a9-v6mr2229330ioe.239.1524251767202; Fri, 20 Apr 2018 12:16:07 -0700 (PDT) Received: from x220t.lan ([64.26.149.125]) by smtp.gmail.com with ESMTPSA id g202-v6sm1179368ita.13.2018.04.20.12.16.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Apr 2018 12:16:06 -0700 (PDT) From: Alexander Aring To: yotam.gi@gmail.com Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com, jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org, kernel@mojatatu.com, Alexander Aring Subject: [PATCHv4 net 3/3] net: sched: ife: check on metadata length Date: Fri, 20 Apr 2018 15:15:05 -0400 Message-Id: <20180420191505.27633-4-aring@mojatatu.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180420191505.27633-1-aring@mojatatu.com> References: <20180420191505.27633-1-aring@mojatatu.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This patch checks if sk buffer is available to dererence ife header. If not then NULL will returned to signal an malformed ife packet. This avoids to crashing the kernel from outside. Signed-off-by: Alexander Aring Reviewed-by: Yotam Gigi Acked-by: Jamal Hadi Salim --- net/ife/ife.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ife/ife.c b/net/ife/ife.c index 7fbe70a0af4b..13bbf8cb6a39 100644 --- a/net/ife/ife.c +++ b/net/ife/ife.c @@ -69,6 +69,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen) int total_pull; u16 ifehdrln; + if (!pskb_may_pull(skb, skb->dev->hard_header_len + IFE_METAHDRLEN)) + return NULL; + ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len); ifehdrln = ntohs(ifehdr->metalen); total_pull = skb->dev->hard_header_len + ifehdrln;