Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp5189740imm; Wed, 12 Sep 2018 02:24:00 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYkABgVGfqvlVpGpg6RFBQ7MIKAY3zaf2w0B13ggc/kgfKnJm5ZxU0Oq3KRxOO2d3OrPeGt X-Received: by 2002:a17:902:9a06:: with SMTP id v6-v6mr1144912plp.316.1536744240665; Wed, 12 Sep 2018 02:24:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536744240; cv=none; d=google.com; s=arc-20160816; b=j4hRWWUbvWW4XohhdNYWdJBORJzBz30XRnWULtOHv9b2uGQ2KRgbhD6XL/UWZUx3MO t2TzQrq65ONGFqbkSqDRexkVgtpJqwS4QdHRhJPSCJ2wLslO0rRq19eVtGrjlqN+CDr7 +2s0BAJTK/oZvPBnLp4T4YljPmvOJHrXY+5xgs0b3MSbhvSKazWTvQ9/9okQoNZNA73C wcQ7FJemd/FRxcCTp4gTbIupvry6VxNSGiiYPhNTEAcLQq/kgLJEWOR28c6uGr6irGF6 yX30tQKf64WowHPGTsdYnqvd1U386tl+xZ0b88MpYjzTtNDwvAldCv6YrWTOrQkl2Lag Ih1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from; bh=3azIKzL9g2suNlatNQLP35D5PZ5km7xHZk1eTtyflBU=; b=Re0pij4yCjX2ecF+PkbsHqsDN5qq48ZfYH1okvIeDyCAOU2q4b02iLAwMLklTdiC7T cQD1W7CsZDokhW0rb0GuOHsODY65lbAg0FJzXSezi8SEGH/2SDzTuXDpX+ag4J2kKdwU HKrtvPWShBxOUX/sQZ1frl70WSUgya2hVYzH0zYWquayutKbfcEncgzgDFhJAJ2DKRig eTyHrOQLg3kPI0zWOMD/sqew73v41s01JJChQqbUV1j/jTKtpnP5JUP+fMAfm4EEn6lX EBCBzl788AtJ3vino5LUswj5b4qAtYUE55z+hTbsSc7J0mr61irw2he+ifyZUn0iRZc4 GlcQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q61-v6si448631plb.231.2018.09.12.02.23.45; Wed, 12 Sep 2018 02:24:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727838AbeILO0c (ORCPT + 99 others); Wed, 12 Sep 2018 10:26:32 -0400 Received: from cmccmta2.chinamobile.com ([221.176.66.80]:59987 "EHLO cmccmta2.chinamobile.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726800AbeILO0c (ORCPT ); Wed, 12 Sep 2018 10:26:32 -0400 Received: from spf.mail.chinamobile.com (unknown[172.16.121.1]) by rmmx-syy-dmz-app08-12008 (RichMail) with SMTP id 2ee85b98dae540c-904bf; Wed, 12 Sep 2018 17:22:45 +0800 (CST) X-RM-TRANSID: 2ee85b98dae540c-904bf X-RM-TagInfo: emlType=0 X-RM-SPAM-FLAG: 00000000 Received: from localhost (unknown[223.105.0.240]) by rmsmtp-syy-appsvr01-12001 (RichMail) with SMTP id 2ee15b98dae4c31-63e5c; Wed, 12 Sep 2018 17:22:45 +0800 (CST) X-RM-TRANSID: 2ee15b98dae4c31-63e5c From: Haishuang Yan To: "David S. Miller" , Alexey Kuznetsov Cc: Jiri Benc , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Haishuang Yan Subject: [PATCH v2,net-next 1/2] ip_gre: fix parsing gre header in ipgre_err Date: Wed, 12 Sep 2018 17:21:21 +0800 Message-Id: <1536744082-3568-1-git-send-email-yanhaishuang@cmss.chinamobile.com> X-Mailer: git-send-email 1.8.3.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org gre_parse_header stops parsing when csum_err is encountered, which means tpi->key is undefined and ip_tunnel_lookup will return NULL improperly. This patch introduce a NULL pointer as csum_err parameter. Even when csum_err is encountered, it won't return error and continue parsing gre header as expected. Fixes: 9f57c67c379d ("gre: Remove support for sharing GRE protocol hook.") Reported-by: Jiri Benc Signed-off-by: Haishuang Yan --- net/ipv4/gre_demux.c | 2 +- net/ipv4/ip_gre.c | 9 +++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/net/ipv4/gre_demux.c b/net/ipv4/gre_demux.c index b798862..679a527 100644 --- a/net/ipv4/gre_demux.c +++ b/net/ipv4/gre_demux.c @@ -86,7 +86,7 @@ int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, options = (__be32 *)(greh + 1); if (greh->flags & GRE_CSUM) { - if (skb_checksum_simple_validate(skb)) { + if (csum_err && skb_checksum_simple_validate(skb)) { *csum_err = true; return -EINVAL; } diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 8cce0e9..c3385a8 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -232,13 +232,10 @@ static void gre_err(struct sk_buff *skb, u32 info) const int type = icmp_hdr(skb)->type; const int code = icmp_hdr(skb)->code; struct tnl_ptk_info tpi; - bool csum_err = false; - if (gre_parse_header(skb, &tpi, &csum_err, htons(ETH_P_IP), - iph->ihl * 4) < 0) { - if (!csum_err) /* ignore csum errors. */ - return; - } + if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IP), + iph->ihl * 4) < 0) + return; if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { ipv4_update_pmtu(skb, dev_net(skb->dev), info, -- 1.8.3.1