[PATCH net 3/3] net: sched: ife: check on metadata length

Netdev List
 help / color / mirror / Atom feed

From: Alexander Aring <aring@mojatatu.com>
To: yotam.gi@gmail.com
Cc: jhs@mojatatu.com, davem@davemloft.net, xiyou.wangcong@gmail.com,
	jiri@resnulli.us, yuvalm@mellanox.com, netdev@vger.kernel.org,
	kernel@mojatatu.com, Alexander Aring <aring@mojatatu.com>
Subject: [PATCH net 3/3] net: sched: ife: check on metadata length
Date: Wed, 18 Apr 2018 17:35:34 -0400	[thread overview]
Message-ID: <20180418213534.6215-4-aring@mojatatu.com> (raw)
In-Reply-To: <20180418213534.6215-1-aring@mojatatu.com>

This patch checks if sk buffer is available to dererence ife header. If
not then NULL will returned to signal an malformed ife packet. This
avoids to crashing the kernel from outside.

Signed-off-by: Alexander Aring <aring@mojatatu.com>
---
 net/ife/ife.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ife/ife.c b/net/ife/ife.c
index 8632d2685efb..7c100034fbee 100644
--- a/net/ife/ife.c
+++ b/net/ife/ife.c
@@ -70,6 +70,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen)
 	u16 ifehdrln;
 
 	ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len);
+	if (skb->len < skb->dev->hard_header_len + IFE_METAHDRLEN)
+		return NULL;
+
 	ifehdrln = ntohs(ifehdr->metalen);
 	total_pull = skb->dev->hard_header_len + ifehdrln;
 
-- 
2.11.0

next prev parent reply	other threads:[~2018-04-18 21:36 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-18 21:35 [PATCH net 0/3] net: sched: ife: malformed ife packet fixes Alexander Aring
2018-04-18 21:35 ` [PATCH net 1/3] net: sched: ife: signal not finding metaid Alexander Aring
2018-04-19  5:37   ` yotam gigi
2018-04-19 12:08     ` Jamal Hadi Salim
2018-04-18 21:35 ` [PATCH net 2/3] net: sched: ife: handle malformed tlv length Alexander Aring
2018-04-19  5:37   ` yotam gigi
2018-04-19 12:09     ` Jamal Hadi Salim
2018-04-19 19:30   ` David Miller
2018-04-18 21:35 ` Alexander Aring [this message]
2018-04-19  5:37   ` [PATCH net 3/3] net: sched: ife: check on metadata length yotam gigi
2018-04-19 12:10     ` Jamal Hadi Salim

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8632d2685ef dfblob:7c100034fbe )
 OR (
bs:"[PATCH net 3/3] net: sched: ife: check on metadata length" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180418213534.6215-4-aring@mojatatu.com \
    --to=aring@mojatatu.com \
    --cc=davem@davemloft.net \
    --cc=jhs@mojatatu.com \
    --cc=jiri@resnulli.us \
    --cc=kernel@mojatatu.com \
    --cc=netdev@vger.kernel.org \
    --cc=xiyou.wangcong@gmail.com \
    --cc=yotam.gi@gmail.com \
    --cc=yuvalm@mellanox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox