ipv4: Put proper checks into icmp_socket_deliver().
All handler->err() routines expect that we've done a pskb_may_pull() test to make sure that IP header length + 8 bytes can be safely pulled. Reported-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
parent
065f5f9749
commit
f0a70e902f
1 changed files with 6 additions and 6 deletions
|
|
@ -640,6 +640,12 @@ static void icmp_socket_deliver(struct sk_buff *skb, u32 info)
|
|||
const struct net_protocol *ipprot;
|
||||
int protocol = iph->protocol;
|
||||
|
||||
/* Checkin full IP header plus 8 bytes of protocol to
|
||||
* avoid additional coding at protocol handlers.
|
||||
*/
|
||||
if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
|
||||
return;
|
||||
|
||||
raw_icmp_error(skb, protocol, info);
|
||||
|
||||
rcu_read_lock();
|
||||
|
|
@ -733,12 +739,6 @@ static void icmp_unreach(struct sk_buff *skb)
|
|||
goto out;
|
||||
}
|
||||
|
||||
/* Checkin full IP header plus 8 bytes of protocol to
|
||||
* avoid additional coding at protocol handlers.
|
||||
*/
|
||||
if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
|
||||
goto out;
|
||||
|
||||
icmp_socket_deliver(skb, info);
|
||||
|
||||
out:
|
||||
|
|
|
|||
Loading…
Reference in a new issue