| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 Aug 2010 09:42:07 -0400 From: jamal <hadi@...erus.ca> To: Changli Gao <xiaosuo@...il.com> Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org Subject: Re: [PATCH] cls_rsvp: add sanity check for the packet length On Wed, 2010-08-04 at 16:55 +0800, Changli Gao wrote: > The packet length should be checked before the packet data is dereferenced. > > Signed-off-by: Changli Gao <xiaosuo@...il.com> > --- > net/sched/cls_rsvp.h | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > diff --git a/net/sched/cls_rsvp.h b/net/sched/cls_rsvp.h > index dd9414e..4fa119d 100644 > --- a/net/sched/cls_rsvp.h > +++ b/net/sched/cls_rsvp.h > @@ -143,9 +143,17 @@ static int rsvp_classify(struct sk_buff *skb, struct tcf_proto *tp, > u8 tunnelid = 0; > u8 *xprt; > #if RSVP_DST_LEN == 4 > - struct ipv6hdr *nhptr = ipv6_hdr(skb); > + struct ipv6hdr *nhptr; > + > + if (!pskb_may_pull(skb, skb_network_offset(skb) + sizeof(*nhptr))) > + return -1; > + nhptr = ipv6_hdr(skb); > #else > struct iphdr *nhptr = ip_hdr(skb); > + > + if (!pskb_may_pull(skb, skb_network_offset(skb) + sizeof(*nhptr))) > + return -1; > + nhptr = ip_hdr(skb); > #endif Maybe a good time to move nhptr declaration outside #if since it is used in #else as well. Otherwise: Acked-by: Jamal Hadi Salim <hadi@...erus.ca> cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists