[PATCH 1/2] xfrm4: fix the ports decode of sctp protocol

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Herbert Xu <herbert@...>, David Miller <davem@...>

Cc: Netdev <netdev@...>

Subject: [PATCH 1/2] xfrm4: fix the ports decode of sctp protocol

Date: Thursday, July 2, 2009 - 10:57 pm

The SCTP pushed the skb data above the sctp chunk header, so the check
of pskb_may_pull(skb, xprth + 4 - skb->data) in _decode_session4() will
never return 0 because xprth + 4 - skb->data < 0, the ports decode of
sctp will always fail.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
---
 net/ipv4/xfrm4_policy.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 60d918c..0071ee6 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -136,7 +136,8 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
 		case IPPROTO_TCP:
 		case IPPROTO_SCTP:
 		case IPPROTO_DCCP:
-			if (pskb_may_pull(skb, xprth + 4 - skb->data)) {
+			if (xprth + 4 < skb->data ||
+			    pskb_may_pull(skb, xprth + 4 - skb->data)) {
 				__be16 *ports = (__be16 *)xprth;
 
 				fl->fl_ip_sport = ports[!!reverse];
-- 
1.6.2.2




--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 1/2] xfrm4: fix the ports decode of sctp protocol, Wei Yongjun, (Thu Jul 2, 10:57 pm)

Re: [PATCH 1/2] xfrm4: fix the ports decode of sctp protocol, Herbert Xu, (Thu Jul 2, 11:48 pm)

Re: [PATCH 1/2] xfrm4: fix the ports decode of sctp protocol, David Miller, (Fri Jul 3, 10:10 pm)

[PATCH 2/2] xfrm6: fix the proto and ports decode of sctp pr..., Wei Yongjun, (Thu Jul 2, 10:59 pm)

Re: [PATCH 2/2] xfrm6: fix the proto and ports decode of sct..., Herbert Xu, (Thu Jul 2, 11:49 pm)

Re: [PATCH 2/2] xfrm6: fix the proto and ports decode of sct..., David Miller, (Fri Jul 3, 10:11 pm)


linux-kernel:
Greg Kroah-Hartman	[PATCH 006/196] Chinese: add translation of oops-tracing.txt
Jan Engelhardt	intel iommu (Re: -mm merge plans for 2.6.23)
James Bottomley	Re: Integration of SCST in the mainstream Linux kernel
Borislav Petkov	2.6.23-rc1: no setup signature found...
git:

openbsd-misc:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
David Miller	Re: [BUG] New Kernel Bugs

[PATCH 1/2] xfrm4: fix the ports decode of sctp protocol

Online users