diff options
| author | Haishuang Yan | 2019-07-25 05:07:56 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman | 2019-08-09 17:52:30 +0200 |
| commit | f186fb5ccf699487a38b5b924fa6068274ae7d4f (patch) | |
| tree | 0e29cc753faacfe87d754871cd2a3b3c8dd9943c /net | |
| parent | ip6_tunnel: fix possible use-after-free on xmit (diff) | |
| download | kernel-qcow2-linux-f186fb5ccf699487a38b5b924fa6068274ae7d4f.tar.gz kernel-qcow2-linux-f186fb5ccf699487a38b5b924fa6068274ae7d4f.tar.xz kernel-qcow2-linux-f186fb5ccf699487a38b5b924fa6068274ae7d4f.zip | |
ipip: validate header length in ipip_tunnel_xmit
[ Upstream commit 47d858d0bdcd47cc1c6c9eeca91b091dd9e55637 ]
We need the same checks introduced by commit cb9f1b783850
("ip: validate header length on virtual device xmit") for
ipip tunnel.
Fixes: cb9f1b783850b ("ip: validate header length on virtual device xmit")
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/ipip.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c index c891235b4966..4368282eb6f8 100644 --- a/net/ipv4/ipip.c +++ b/net/ipv4/ipip.c @@ -281,6 +281,9 @@ static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, const struct iphdr *tiph = &tunnel->parms.iph; u8 ipproto; + if (!pskb_inet_may_pull(skb)) + goto tx_error; + switch (skb->protocol) { case htons(ETH_P_IP): ipproto = IPPROTO_IPIP; |