| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180419221445.26205-4-aring@mojatatu.com>
Date: Thu, 19 Apr 2018 18:14:45 -0400
From: Alexander Aring <aring@...atatu.com>
To: yotam.gi@...il.com
Cc: jhs@...atatu.com, davem@...emloft.net, xiyou.wangcong@...il.com,
jiri@...nulli.us, yuvalm@...lanox.com, netdev@...r.kernel.org,
kernel@...atatu.com, Alexander Aring <aring@...atatu.com>
Subject: [PATCHv3 net 3/3] net: sched: ife: check on metadata length
This patch checks if sk buffer is available to dererence ife header. If
not then NULL will returned to signal an malformed ife packet. This
avoids to crashing the kernel from outside.
Signed-off-by: Alexander Aring <aring@...atatu.com>
Reviewed-by: Yotam Gigi <yotam.gi@...il.com>
Acked-by: Jamal Hadi Salim <jhs@...atatu.com>
---
net/ife/ife.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ife/ife.c b/net/ife/ife.c
index 7fbe70a0af4b..570a18d4ca32 100644
--- a/net/ife/ife.c
+++ b/net/ife/ife.c
@@ -70,6 +70,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen)
u16 ifehdrln;
ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len);
+ if (!pskb_may_pull(skb, skb->dev->hard_header_len + IFE_METAHDRLEN))
+ return NULL;
+
ifehdrln = ntohs(ifehdr->metalen);
total_pull = skb->dev->hard_header_len + ifehdrln;
--
2.11.0
Powered by blists - more mailing lists