2019-07-25 05:53:06

by Haishuang Yan

[permalink] [raw]
Subject: [PATCH] ipip: validate header length in ipip_tunnel_xmit

We need the same checks introduced by commit cb9f1b783850
("ip: validate header length on virtual device xmit") for
ipip tunnel.

Signed-off-by: Haishuang Yan <[email protected]>
---
net/ipv4/ipip.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 43adfc1..2f01cf6 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -275,6 +275,9 @@ static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
const struct iphdr *tiph = &tunnel->parms.iph;
u8 ipproto;

+ if (!pskb_inet_may_pull(skb))
+ goto tx_error;
+
switch (skb->protocol) {
case htons(ETH_P_IP):
ipproto = IPPROTO_IPIP;
--
1.8.3.1




2019-07-25 05:54:11

by Haishuang Yan

[permalink] [raw]
Subject: [PATCH] ipip: validate header length in ipip_tunnel_xmit

We need the same checks introduced by commit cb9f1b783850
("ip: validate header length on virtual device xmit") for
ipip tunnel.

Signed-off-by: Haishuang Yan <[email protected]>
---
net/ipv4/ipip.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 43adfc1..2f01cf6 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -275,6 +275,9 @@ static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
const struct iphdr *tiph = &tunnel->parms.iph;
u8 ipproto;

+ if (!pskb_inet_may_pull(skb))
+ goto tx_error;
+
switch (skb->protocol) {
case htons(ETH_P_IP):
ipproto = IPPROTO_IPIP;
--
1.8.3.1



2019-07-25 14:24:20

by Willem de Bruijn

[permalink] [raw]
Subject: Re: [PATCH] ipip: validate header length in ipip_tunnel_xmit

On Wed, Jul 24, 2019 at 11:09 PM Haishuang Yan
<[email protected]> wrote:
>
> We need the same checks introduced by commit cb9f1b783850
> ("ip: validate header length on virtual device xmit") for
> ipip tunnel.

Fixes: cb9f1b783850b ("ip: validate header length on virtual device xmit")

> Signed-off-by: Haishuang Yan <[email protected]>

Good catch. reg_vif_xmit in net/ipv4/ipmr.c probably also needs it.
All other ndo_start_xmit under net/ipv4 and net/ipv6 have this check
as of the above commit.

2019-07-26 00:26:52

by David Miller

[permalink] [raw]
Subject: Re: [PATCH] ipip: validate header length in ipip_tunnel_xmit

From: Haishuang Yan <[email protected]>
Date: Thu, 25 Jul 2019 11:07:55 +0800

> We need the same checks introduced by commit cb9f1b783850
> ("ip: validate header length on virtual device xmit") for
> ipip tunnel.
>
> Signed-off-by: Haishuang Yan <[email protected]>

Applied and queued up for -stable.