mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 02:30:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

u32: negative offset fix

Browse source 
It was possible to use a negative offset in a u32 match to reference
the ethernet header or other parts of the link layer header.
This fixes the regression caused by:

commit fbc2e7d9cf
Author: Changli Gao <xiaosuo@gmail.com>
Date:   Wed Jun 2 07:32:42 2010 -0700

    cls_u32: use skb_header_pointer() to dereference data safely

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
stephen hemminger 2010-08-02 13:44:13 +00:00 committed by David S. Miller
parent eabd8ba906
commit 66d50d2550
1 changed files with 4 additions and 2 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

6
net/sched/cls_u32.c
View file

@ -134,10 +134,12 @@ static int u32_classify(struct sk_buff *skb, struct tcf_proto *tp, struct tcf_re
#endif
for (i = n->sel.nkeys; i>0; i--, key++) {
unsigned int toff;
int toff = off + key->off + (off2 & key->offmask);
__be32 *data, _data;
toff = off + key->off + (off2 & key->offmask);
if (skb_headroom(skb) + toff < 0)
goto out;
data = skb_header_pointer(skb, toff, 4, &_data);
if (!data)
goto out;