lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 25 Jan 2018 15:31:09 +1100 From: Daniel Axtens <dja@...ens.net> To: netdev@...r.kernel.org Cc: Daniel Axtens <dja@...ens.net>, Jason Wang <jasowang@...hat.com>, Pravin Shelar <pshelar@....org>, Marcelo Ricardo Leitner <marcelo.leitner@...il.com>, Manish.Chopra@...ium.com, dev@...nvswitch.org Subject: [PATCH v2 4/4] net: check the size of a packet in validate_xmit_skb There are a number of paths where an oversize skb could be sent to a driver. The driver should not be required to check for this - the core layer should do it instead. Add a check to validate_xmit_skb that checks both GSO and non-GSO packets and drops them if they are too large. Signed-off-by: Daniel Axtens <dja@...ens.net> --- net/core/dev.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 6c96c26aadbf..f09eece2cd21 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1830,13 +1830,11 @@ static inline void net_timestamp_set(struct sk_buff *skb) __net_timestamp(SKB); \ } \ -bool is_skb_forwardable(const struct net_device *dev, const struct sk_buff *skb) +static inline bool skb_mac_len_fits_dev(const struct net_device *dev, + const struct sk_buff *skb) { unsigned int len; - if (!(dev->flags & IFF_UP)) - return false; - len = dev->mtu + dev->hard_header_len + VLAN_HLEN; if (skb->len <= len) return true; @@ -1850,6 +1848,14 @@ bool is_skb_forwardable(const struct net_device *dev, const struct sk_buff *skb) return false; } + +bool is_skb_forwardable(const struct net_device *dev, const struct sk_buff *skb) +{ + if (!(dev->flags & IFF_UP)) + return false; + + return skb_mac_len_fits_dev(dev, skb); +} EXPORT_SYMBOL_GPL(is_skb_forwardable); int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -3081,6 +3087,9 @@ static struct sk_buff *validate_xmit_skb(struct sk_buff *skb, struct net_device if (unlikely(!skb)) goto out_null; + if (unlikely(!skb_mac_len_fits_dev(dev, skb))) + goto out_kfree_skb; + if (netif_needs_gso(skb, features)) { struct sk_buff *segs; -- 2.14.1
Powered by blists - more mailing lists