From: Yan Zheng <yanzheng@21cn.com>
To: netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, yoshfuji@linux-ipv6.org
Subject: Re: [PATCH][MCAST]IPv6: Check packet size when process Multicast Address and Source Specific Query
Date: Mon, 31 Oct 2005 20:09:45 +0800 [thread overview]
Message-ID: <43660989.2000100@21cn.com> (raw)
In-Reply-To: <20051031.142717.40152885.yoshfuji@linux-ipv6.org>
>
> You cannot continue using mlh2, local copy of skb->h.raw
> after pskb_may_pull(). Please refresh it.
>
> --yoshfuji
>
My mistake. sorry.
I hope the new one is correct.
Regards
================================================================================
--- linux-2.6.14/net/ipv6/mcast.c 2005-10-30 23:09:33.000000000 +0800
+++ linux/net/ipv6/mcast.c 2005-10-31 14:16:19.000000000 +0800
@@ -1087,7 +1087,7 @@ static void mld_marksources(struct ifmca
int igmp6_event_query(struct sk_buff *skb)
{
- struct mld2_query *mlh2 = (struct mld2_query *) skb->h.raw;
+ struct mld2_query *mlh2 = NULL;
struct ifmcaddr6 *ma;
struct in6_addr *group;
unsigned long max_delay;
@@ -1140,6 +1140,13 @@ int igmp6_event_query(struct sk_buff *sk
/* clear deleted report items */
mld_clear_delrec(idev);
} else if (len >= 28) {
+ int srcs_offset = sizeof(struct mld2_query) -
+ sizeof(struct icmp6hdr);
+ if (!pskb_may_pull(skb, srcs_offset)) {
+ in6_dev_put(idev);
+ return -EINVAL;
+ }
+ mlh2 = (struct mld2_query *) skb->h.raw;
max_delay = (MLDV2_MRC(ntohs(mlh2->mrc))*HZ)/1000;
if (!max_delay)
max_delay = 1;
@@ -1156,7 +1163,15 @@ int igmp6_event_query(struct sk_buff *sk
return 0;
}
/* mark sources to include, if group & source-specific */
- mark = mlh2->nsrcs != 0;
+ if (mlh2->nsrcs != 0) {
+ if (!pskb_may_pull(skb, srcs_offset +
+ mlh2->nsrcs * sizeof(struct in6_addr))) {
+ in6_dev_put(idev);
+ return -EINVAL;
+ }
+ mlh2 = (struct mld2_query *) skb->h.raw;
+ mark = 1;
+ }
} else {
in6_dev_put(idev);
return -EINVAL;
next prev parent reply other threads:[~2005-10-31 12:09 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-31 5:20 [PATCH][MCAST]IPv6: Check packet size when process Multicast Address and Source Specific Query Yan Zheng
2005-10-31 5:27 ` YOSHIFUJI Hideaki / 吉藤英明
2005-10-31 12:09 ` Yan Zheng [this message]
2005-10-31 12:15 ` YOSHIFUJI Hideaki / 吉藤英明
2005-10-31 19:42 ` David Stevens
2005-11-01 4:20 ` Yan Zheng
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43660989.2000100@21cn.com \
--to=yanzheng@21cn.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).