diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2006-07-04 04:38:35 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-07-04 04:38:35 +0200 |
commit | bbcf467dab42ea3c85f368df346c82af2fbba665 (patch) | |
tree | e9fe30c1be9c6a3773454bad3eefaabf4f5bee48 /net/ipv4/tcp.c | |
parent | [IPVS]: Add sysctl documentation (diff) | |
download | linux-bbcf467dab42ea3c85f368df346c82af2fbba665.tar.xz linux-bbcf467dab42ea3c85f368df346c82af2fbba665.zip |
[NET]: Verify gso_type too in gso_segment
We don't want nasty Xen guests to pass a TCPv6 packet in with gso_type set
to TCPv4 or even UDP (or a packet that's both TCP and UDP).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp.c')
-rw-r--r-- | net/ipv4/tcp.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index 804458712d88..f6a2d9223d07 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -2170,8 +2170,19 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int features) if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) { /* Packet is from an untrusted source, reset gso_segs. */ - int mss = skb_shinfo(skb)->gso_size; + int type = skb_shinfo(skb)->gso_type; + int mss; + + if (unlikely(type & + ~(SKB_GSO_TCPV4 | + SKB_GSO_DODGY | + SKB_GSO_TCP_ECN | + SKB_GSO_TCPV6 | + 0) || + !(type & (SKB_GSO_TCPV4 | SKB_GSO_TCPV6)))) + goto out; + mss = skb_shinfo(skb)->gso_size; skb_shinfo(skb)->gso_segs = (skb->len + mss - 1) / mss; segs = NULL; |