lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <290a8e03-1d24-a84f-751c-6fc27f04bba0@gmail.com> Date: Tue, 28 May 2019 14:02:33 -0700 From: Eric Dumazet <eric.dumazet@...il.com> To: Davide Caratti <dcaratti@...hat.com>, Cong Wang <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us>, Jamal Hadi Salim <jhs@...atatu.com>, "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org Cc: shuali@...hat.com, Eli Britstein <elibr@...lanox.com> Subject: Re: [PATCH net] net/sched: act_pedit: fix 'ex munge' on network header in case of QinQ packet On 5/28/19 1:50 PM, Davide Caratti wrote: > Like it has been done in commit 2ecba2d1e45b ("net: sched: act_csum: Fix > csum calc for tagged packets"), also 'pedit' needs to adjust the network > offset when multiple tags are present in the packets: otherwise wrong IP > headers (but good checksums) can be observed with the following command: ... > +again: > + switch (protocol) { > + case cpu_to_be16(ETH_P_8021AD): /* fall through */ > + case cpu_to_be16(ETH_P_8021Q): > + if (skb_vlan_tag_present(skb) && > + !orig_vlan_tag_present) { > + protocol = skb->protocol; > + orig_vlan_tag_present = true; > + } else { > + struct vlan_hdr *vlan; > + > + vlan = (struct vlan_hdr *)skb->data; > + protocol = vlan->h_vlan_encapsulated_proto; > + skb_pull(skb, VLAN_HLEN); > + skb_reset_network_header(skb); > + (*vlan_hdr_count)++; > + } > + goto again; What prevents this loop to access data not yet in skb->head ? skb_header_pointer() (or pskb_may_pull()) seems needed.
Powered by blists - more mailing lists