diff options
author | Alexander Aring <aring@mojatatu.com> | 2018-04-20 15:15:04 -0400 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-04-29 11:33:13 +0200 |
commit | 388f3d9708fcc96cea44fe343ffe055e58ba6e6b (patch) | |
tree | 1a2ee018b07ff9ea59155db383b47d9fcca64e4d /net/sched/act_ife.c | |
parent | 75020d6319eec226a5829359a23322a69f1d7525 (diff) |
net: sched: ife: handle malformed tlv length
[ Upstream commit cc74eddd0ff325d57373cea99f642b787d7f76f5 ]
There is currently no handling to check on a invalid tlv length. This
patch adds such handling to avoid killing the kernel with a malformed
ife packet.
Signed-off-by: Alexander Aring <aring@mojatatu.com>
Reviewed-by: Yotam Gigi <yotam.gi@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/sched/act_ife.c')
-rw-r--r-- | net/sched/act_ife.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c index 4b4e4d490f42..85757af7f150 100644 --- a/net/sched/act_ife.c +++ b/net/sched/act_ife.c @@ -639,7 +639,12 @@ static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a, u16 mtype; u16 dlen; - curr_data = ife_tlv_meta_decode(tlv_data, &mtype, &dlen, NULL); + curr_data = ife_tlv_meta_decode(tlv_data, ifehdr_end, &mtype, + &dlen, NULL); + if (!curr_data) { + qstats_drop_inc(this_cpu_ptr(ife->common.cpu_qstats)); + return TC_ACT_SHOT; + } if (find_decode_metaid(skb, ife, mtype, dlen, curr_data)) { /* abuse overlimits to count when we receive metadata |