* Patch "ipvs: handle ip_vs_fill_iph_skb_off failure" has been added to the 4.5-stable tree
@ 2016-05-06 16:30 gregkh
From: gregkh @ 2016-05-06 16:30 UTC (permalink / raw)
To: arnd, gregkh, horms, ja; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
ipvs: handle ip_vs_fill_iph_skb_off failure
to the 4.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ipvs-handle-ip_vs_fill_iph_skb_off-failure.patch
and it can be found in the queue-4.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 3f20efba41916ee17ce82f0fdd02581ada2872b2 Mon Sep 17 00:00:00 2001
From: Arnd Bergmann <arnd@arndb.de>
Date: Wed, 27 Jan 2016 14:52:02 +0100
Subject: ipvs: handle ip_vs_fill_iph_skb_off failure
From: Arnd Bergmann <arnd@arndb.de>
commit 3f20efba41916ee17ce82f0fdd02581ada2872b2 upstream.
ip_vs_fill_iph_skb_off() may not find an IP header, and gcc has
determined that ip_vs_sip_fill_param() then incorrectly accesses
the protocol fields:
net/netfilter/ipvs/ip_vs_pe_sip.c: In function 'ip_vs_sip_fill_param':
net/netfilter/ipvs/ip_vs_pe_sip.c:76:5: error: 'iph.protocol' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (iph.protocol != IPPROTO_UDP)
^
net/netfilter/ipvs/ip_vs_pe_sip.c:81:10: error: 'iph.len' may be used uninitialized in this function [-Werror=maybe-uninitialized]
dataoff = iph.len + sizeof(struct udphdr);
^
This adds a check for the ip_vs_fill_iph_skb_off() return code
before looking at the ip header data returned from it.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: b0e010c527de ("ipvs: replace ip_vs_fill_ip4hdr with ip_vs_fill_iph_skb_off")
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipvs/ip_vs_pe_sip.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/netfilter/ipvs/ip_vs_pe_sip.c
+++ b/net/netfilter/ipvs/ip_vs_pe_sip.c
@@ -70,10 +70,10 @@ ip_vs_sip_fill_param(struct ip_vs_conn_p
const char *dptr;
int retc;
- ip_vs_fill_iph_skb(p->af, skb, false, &iph);
+ retc = ip_vs_fill_iph_skb(p->af, skb, false, &iph);
/* Only useful with UDP */
- if (iph.protocol != IPPROTO_UDP)
+ if (!retc || iph.protocol != IPPROTO_UDP)
return -EINVAL;
/* todo: IPv6 fragments:
* I think this only should be done for the first fragment. /HS
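Review bot: The new condition `if (!retc || iph.protocol != IPPROTO_UDP)` treats a zero return as the failure case, which reads backwards against the usual 0-on-success convention, and it reuses the existing `int retc` local for that result. A separate local for this result, or a short comment at the call, would make it clear why `!retc` leads to `-EINVAL`; the `/* Only useful with UDP */` comment above the check also no longer describes the whole condition. Separately, the subject and changelog name ip_vs_fill_iph_skb_off() while the changed line calls ip_vs_fill_iph_skb(); one sentence in the changelog on how the two relate would help a stable reviewer match the gcc warning to this call site.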
Patches currently in stable-queue which might be from arnd@arndb.de are
queue-4.5/lpfc-fix-misleading-indentation.patch
queue-4.5/ipvs-handle-ip_vs_fill_iph_skb_off-failure.patch