diff options
author | Alexander Aring <aring@mojatatu.com> | 2018-04-20 21:15:04 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-04-23 03:12:00 +0200 |
commit | cc74eddd0ff325d57373cea99f642b787d7f76f5 (patch) | |
tree | fc8048a8254e5d249763543e20355a0bba0324f1 /net/sched | |
parent | net: sched: ife: signal not finding metaid (diff) | |
download | linux-cc74eddd0ff325d57373cea99f642b787d7f76f5.tar.xz linux-cc74eddd0ff325d57373cea99f642b787d7f76f5.zip |
net: sched: ife: handle malformed tlv length
There is currently no handling to check on a invalid tlv length. This
patch adds such handling to avoid killing the kernel with a malformed
ife packet.
Signed-off-by: Alexander Aring <aring@mojatatu.com>
Reviewed-by: Yotam Gigi <yotam.gi@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched')
-rw-r--r-- | net/sched/act_ife.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c index 49b8ab551fbe..8527cfdc446d 100644 --- a/net/sched/act_ife.c +++ b/net/sched/act_ife.c @@ -682,7 +682,12 @@ static int tcf_ife_decode(struct sk_buff *skb, const struct tc_action *a, u16 mtype; u16 dlen; - curr_data = ife_tlv_meta_decode(tlv_data, &mtype, &dlen, NULL); + curr_data = ife_tlv_meta_decode(tlv_data, ifehdr_end, &mtype, + &dlen, NULL); + if (!curr_data) { + qstats_drop_inc(this_cpu_ptr(ife->common.cpu_qstats)); + return TC_ACT_SHOT; + } if (find_decode_metaid(skb, ife, mtype, dlen, curr_data)) { /* abuse overlimits to count when we receive metadata |