Piteball/android_kernel_samsung_msm8976
1
1
Fork 0
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git synced 2024-09-21 20:04:01 +00:00
Code Issues Projects Releases Wiki Activity

net: flow_dissector: fail on evil iph->ihl

Browse source 
We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
is evil (less than 5).

CRs-Fixed: 589913
Change-Id: Ifd7be75d153d7504704e7ff9d8f63fe3767326d2
Acked-by: David Arinzon <darinzon@qti.qualcomm.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
This commit is contained in:
Subash Abhinov Kasiviswanathan 2014-01-15 13:21:52 -07:00
parent 02983880eb
commit d660285899
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/core/flow_dissector.c
View file

@ -40,7 +40,7 @@ again:
struct iphdr _iph;
ip:
iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
if (!iph)
if (!iph || iph->ihl < 5)
return false;
if (ip_is_fragment(iph))