We need the same checks introduced by commit cb9f1b783850
("ip: validate header length on virtual device xmit") for
ipip tunnel.

Signed-off-by: Haishuang Yan <[email protected]>
---
net/ipv4/ipip.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 43adfc1..2f01cf6 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -275,6 +275,9 @@ static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
const struct iphdr *tiph = &tunnel->parms.iph;
u8 ipproto;
+ if (!pskb_inet_may_pull(skb))
+ goto tx_error;
+
switch (skb->protocol) {
case htons(ETH_P_IP):
ipproto = IPPROTO_IPIP;
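
Review bot: the pskb_inet_may_pull() call added ahead of switch (skb->protocol) can pull data into the linear area and may reallocate the skb head, so confirm that no pointer into skb data is taken earlier in ipip_tunnel_xmit() and then used after this line. Of the locals visible in the context, tiph points at tunnel->parms.iph rather than at packet data and is unaffected. The commit message would also benefit from a Fixes: tag naming cb9f1b783850, since it cites that commit as the source of the check.
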
--
1.8.3.1

On Wed, Jul 24, 2019 at 11:09 PM Haishuang Yan
<[email protected]> wrote:
>
> We need the same checks introduced by commit cb9f1b783850
> ("ip: validate header length on virtual device xmit") for
> ipip tunnel.

Fixes: cb9f1b783850b ("ip: validate header length on virtual device xmit")

> Signed-off-by: Haishuang Yan <[email protected]>

Good catch. reg_vif_xmit in net/ipv4/ipmr.c probably also needs it.
All other ndo_start_xmit under net/ipv4 and net/ipv6 have this check
as of the above commit.

From: Haishuang Yan <[email protected]>
Date: Thu, 25 Jul 2019 11:07:55 +0800

> We need the same checks introduced by commit cb9f1b783850
> ("ip: validate header length on virtual device xmit") for
> ipip tunnel.
>
> Signed-off-by: Haishuang Yan <[email protected]>

Applied and queued up for -stable.