xfrm4: Reload skb header pointers after calling pskb_may_pull.
commit ea673a4d3a337184f3c314dcc6300bf02f39e077 upstream. A call to pskb_may_pull may change the pointers into the packet, so reload the pointers after the call. Change-Id: Ic4fdcc11666f1157f1c95cc3144719113ba54f6b Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
This commit is contained in:
parent
65f3d8e1d2
commit
52f6738728
|
@ -121,7 +121,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
|
|||
case IPPROTO_DCCP:
|
||||
if (xprth + 4 < skb->data ||
|
||||
pskb_may_pull(skb, xprth + 4 - skb->data)) {
|
||||
__be16 *ports = (__be16 *)xprth;
|
||||
__be16 *ports;
|
||||
|
||||
xprth = skb_network_header(skb) + iph->ihl * 4;
|
||||
ports = (__be16 *)xprth;
|
||||
|
||||
fl4->fl4_sport = ports[!!reverse];
|
||||
fl4->fl4_dport = ports[!reverse];
|
||||
|
@ -131,7 +134,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
|
|||
case IPPROTO_ICMP:
|
||||
if (xprth + 2 < skb->data ||
|
||||
pskb_may_pull(skb, xprth + 2 - skb->data)) {
|
||||
u8 *icmp = xprth;
|
||||
u8 *icmp;
|
||||
|
||||
xprth = skb_network_header(skb) + iph->ihl * 4;
|
||||
icmp = xprth;
|
||||
|
||||
fl4->fl4_icmp_type = icmp[0];
|
||||
fl4->fl4_icmp_code = icmp[1];
|
||||
|
@ -141,7 +147,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
|
|||
case IPPROTO_ESP:
|
||||
if (xprth + 4 < skb->data ||
|
||||
pskb_may_pull(skb, xprth + 4 - skb->data)) {
|
||||
__be32 *ehdr = (__be32 *)xprth;
|
||||
__be32 *ehdr;
|
||||
|
||||
xprth = skb_network_header(skb) + iph->ihl * 4;
|
||||
ehdr = (__be32 *)xprth;
|
||||
|
||||
fl4->fl4_ipsec_spi = ehdr[0];
|
||||
}
|
||||
|
@ -150,7 +159,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
|
|||
case IPPROTO_AH:
|
||||
if (xprth + 8 < skb->data ||
|
||||
pskb_may_pull(skb, xprth + 8 - skb->data)) {
|
||||
__be32 *ah_hdr = (__be32 *)xprth;
|
||||
__be32 *ah_hdr;
|
||||
|
||||
xprth = skb_network_header(skb) + iph->ihl * 4;
|
||||
ah_hdr = (__be32 *)xprth;
|
||||
|
||||
fl4->fl4_ipsec_spi = ah_hdr[1];
|
||||
}
|
||||
|
@ -159,7 +171,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
|
|||
case IPPROTO_COMP:
|
||||
if (xprth + 4 < skb->data ||
|
||||
pskb_may_pull(skb, xprth + 4 - skb->data)) {
|
||||
__be16 *ipcomp_hdr = (__be16 *)xprth;
|
||||
__be16 *ipcomp_hdr;
|
||||
|
||||
xprth = skb_network_header(skb) + iph->ihl * 4;
|
||||
ipcomp_hdr = (__be16 *)xprth;
|
||||
|
||||
fl4->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1]));
|
||||
}
|
||||
|
@ -168,8 +183,12 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
|
|||
case IPPROTO_GRE:
|
||||
if (xprth + 12 < skb->data ||
|
||||
pskb_may_pull(skb, xprth + 12 - skb->data)) {
|
||||
__be16 *greflags = (__be16 *)xprth;
|
||||
__be32 *gre_hdr = (__be32 *)xprth;
|
||||
__be16 *greflags;
|
||||
__be32 *gre_hdr;
|
||||
|
||||
xprth = skb_network_header(skb) + iph->ihl * 4;
|
||||
greflags = (__be16 *)xprth;
|
||||
gre_hdr = (__be32 *)xprth;
|
||||
|
||||
if (greflags[0] & GRE_KEY) {
|
||||
if (greflags[0] & GRE_CSUM)
|
||||
|
|
Loading…
Reference in New Issue