summaryrefslogtreecommitdiffstats
path: root/net/sched
diff options
context:
space:
mode:
authorAlexander Aring <aring@mojatatu.com>2018-04-20 21:15:04 +0200
committerDavid S. Miller <davem@davemloft.net>2018-04-23 03:12:00 +0200
commitcc74eddd0ff325d57373cea99f642b787d7f76f5 (patch)
treefc8048a8254e5d249763543e20355a0bba0324f1 /net/sched
parentnet: sched: ife: signal not finding metaid (diff)
downloadlinux-cc74eddd0ff325d57373cea99f642b787d7f76f5.tar.xz
linux-cc74eddd0ff325d57373cea99f642b787d7f76f5.zip
net: sched: ife: handle malformed tlv length
There is currently no handling to check on a invalid tlv length. This patch adds such handling to avoid killing the kernel with a malformed ife packet. Signed-off-by: Alexander Aring <aring@mojatatu.com> Reviewed-by: Yotam Gigi <yotam.gi@gmail.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched')
-rw-r--r--net/sched/act_ife.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c
index 49b8ab551fbe..8527cfdc446d 100644
--- a/net/sched/act_ife.c
+++ b/net/sched/act_ife.c
@@ -682,7 +682,12 @@ static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a,
u16 mtype;
u16 dlen;
- curr_data = ife_tlv_meta_decode(tlv_data, &mtype, &dlen, NULL);
+ curr_data = ife_tlv_meta_decode(tlv_data, ifehdr_end, &mtype,
+ &dlen, NULL);
+ if (!curr_data) {
+ qstats_drop_inc(this_cpu_ptr(ife->common.cpu_qstats));
+ return TC_ACT_SHOT;
+ }
if (find_decode_metaid(skb, ife, mtype, dlen, curr_data)) {
/* abuse overlimits to count when we receive metadata