| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20201206111558.100629224@linuxfoundation.org>
Date: Sun, 6 Dec 2020 12:17:42 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Davide Caratti <dcaratti@...hat.com>,
Jakub Kicinski <kuba@...nel.org>
Subject: [PATCH 5.9 34/46] net: openvswitch: ensure LSE is pullable before reading it
From: Davide Caratti <dcaratti@...hat.com>
[ Upstream commit 43c13605bad44b8abbc9776d6e63f62ccb7a47d6 ]
when openvswitch is configured to mangle the LSE, the current value is
read from the packet dereferencing 4 bytes at mpls_hdr(): ensure that
the label is contained in the skb "linear" area.
Found by code inspection.
Fixes: d27cf5c59a12 ("net: core: add MPLS update core helper and use in OvS")
Signed-off-by: Davide Caratti <dcaratti@...hat.com>
Link: https://lore.kernel.org/r/aa099f245d93218b84b5c056b67b6058ccf81a66.1606987185.git.dcaratti@redhat.com
Signed-off-by: Jakub Kicinski <kuba@...nel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
net/openvswitch/actions.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/openvswitch/actions.c
+++ b/net/openvswitch/actions.c
@@ -200,6 +200,9 @@ static int set_mpls(struct sk_buff *skb,
__be32 lse;
int err;
+ if (!pskb_may_pull(skb, skb_network_offset(skb) + MPLS_HLEN))
+ return -ENOMEM;
+
stack = mpls_hdr(skb);
lse = OVS_MASKED(stack->label_stack_entry, *mpls_lse, *mask);
err = skb_mpls_update_lse(skb, lse);
Powered by blists - more mailing lists