diff options
author | David S. Miller <davem@davemloft.net> | 2018-04-24 23:59:11 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-04-24 23:59:11 -0400 |
commit | c749fa181bd5848be78691d23168ec61ce691b95 (patch) | |
tree | d037dc016bd880d9d5b393a30f3907ef5e98124d /net/ife/ife.c | |
parent | 16f4faa4f06ff3b4e214922d55ac33ab6e2bdbdc (diff) | |
parent | 3be4aaf4e2d3eb95cce7835e8df797ae65ae5ac1 (diff) | |
download | op-kernel-dev-c749fa181bd5848be78691d23168ec61ce691b95.zip op-kernel-dev-c749fa181bd5848be78691d23168ec61ce691b95.tar.gz |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Diffstat (limited to 'net/ife/ife.c')
-rw-r--r-- | net/ife/ife.c | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/net/ife/ife.c b/net/ife/ife.c index 7d1ec76..13bbf8c 100644 --- a/net/ife/ife.c +++ b/net/ife/ife.c @@ -69,6 +69,9 @@ void *ife_decode(struct sk_buff *skb, u16 *metalen) int total_pull; u16 ifehdrln; + if (!pskb_may_pull(skb, skb->dev->hard_header_len + IFE_METAHDRLEN)) + return NULL; + ifehdr = (struct ifeheadr *) (skb->data + skb->dev->hard_header_len); ifehdrln = ntohs(ifehdr->metalen); total_pull = skb->dev->hard_header_len + ifehdrln; @@ -92,12 +95,43 @@ struct meta_tlvhdr { __be16 len; }; +static bool __ife_tlv_meta_valid(const unsigned char *skbdata, + const unsigned char *ifehdr_end) +{ + const struct meta_tlvhdr *tlv; + u16 tlvlen; + + if (unlikely(skbdata + sizeof(*tlv) > ifehdr_end)) + return false; + + tlv = (const struct meta_tlvhdr *)skbdata; + tlvlen = ntohs(tlv->len); + + /* tlv length field is inc header, check on minimum */ + if (tlvlen < NLA_HDRLEN) + return false; + + /* overflow by NLA_ALIGN check */ + if (NLA_ALIGN(tlvlen) < tlvlen) + return false; + + if (unlikely(skbdata + NLA_ALIGN(tlvlen) > ifehdr_end)) + return false; + + return true; +} + /* Caller takes care of presenting data in network order */ -void *ife_tlv_meta_decode(void *skbdata, u16 *attrtype, u16 *dlen, u16 *totlen) +void *ife_tlv_meta_decode(void *skbdata, const void *ifehdr_end, u16 *attrtype, + u16 *dlen, u16 *totlen) { - struct meta_tlvhdr *tlv = (struct meta_tlvhdr *) skbdata; + struct meta_tlvhdr *tlv; + + if (!__ife_tlv_meta_valid(skbdata, ifehdr_end)) + return NULL; + tlv = (struct meta_tlvhdr *)skbdata; *dlen = ntohs(tlv->len) - NLA_HDRLEN; *attrtype = ntohs(tlv->type); |