net-fixes: flow_dissector: prevent an infinite loop (CVE-2013-4348)
Jason Wang found that a malicious packet could make skb_flow_dissect()
loop forever. We must check that the IP header has a valid ihl to avoid
this loop. It involves IPIP encapsulation and ihl = 0 to trigger.
Given this bug is critical, I cooked a patch before having
a fix in the upstream kernel.
Tested:
Compiled/booted
Ran some tests on bnx2x and explicitly disabled hardware provided rxhash
ethtool -K eth1 rxhash off
ethtool -K eth2 rxhash off
Google-Bug-Id: 11465355
Effort: net-fixes
Change-Id: I813e4dc48cecb05f8edfa218304e1f13fd764323
Signed-off-by:
Simarpreet Singh <simar@linux.com>
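
A userspace model of the loop described in the commit message, added here as an illustration; it is not the kernel patch or any code from this commit. `dissect_ipv4`, its `check_ihl` switch, the iteration cap and both sample packets are constructed for the example, and a valid ihl is taken to mean at least 5 (the 20-byte minimum IPv4 header).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_IPIP 4    /* IPv4-in-IPv4 encapsulation */
#define ITER_CAP   1000 /* demo-only cap so the unchecked mode terminates */

/* Constructed sample: version 4, ihl = 0, protocol = IPIP. */
static const uint8_t bad_pkt[20] = { 0x40, 0, 0, 20, 0, 0, 0, 0, 64, PROTO_IPIP };

/* Constructed sample: valid outer header (ihl = 5, IPIP) followed by a
 * valid inner header (ihl = 5, protocol 6 = TCP). */
static const uint8_t good_pkt[40] = {
    0x45, 0, 0, 40, 0, 0, 0, 0, 64, PROTO_IPIP, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2,
    0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6,          0, 0, 10, 0, 0, 3, 10, 0, 0, 4,
};

/* Hypothetical helper: walks nested IPv4 headers the way a flow dissector
 * follows IPIP encapsulation. Returns the innermost protocol number,
 * -1 for a truncated or malformed header, -2 if the demo cap was hit
 * (the case that would spin forever without the cap). */
int dissect_ipv4(const uint8_t *pkt, size_t len, int check_ihl, int *iterations)
{
    size_t nhoff = 0;

    for (*iterations = 1; *iterations <= ITER_CAP; (*iterations)++) {
        if (nhoff + 20 > len)
            return -1;                    /* not enough bytes for a header */
        const uint8_t *iph = pkt + nhoff;
        unsigned ihl = iph[0] & 0x0f;     /* header length in 32-bit words */
        if (check_ihl && ihl < 5)
            return -1;                    /* reject before using ihl as a stride */
        if (iph[9] != PROTO_IPIP)
            return iph[9];                /* innermost protocol reached */
        nhoff += ihl * 4;                 /* ihl == 0: nhoff never advances */
    }
    *iterations = ITER_CAP;
    return -2;
}

int main(void)
{
    int n;
    printf("good, checked:  %d\n", dissect_ipv4(good_pkt, sizeof good_pkt, 1, &n));
    printf("bad, checked:   %d\n", dissect_ipv4(bad_pkt, sizeof bad_pkt, 1, &n));
    printf("bad, unchecked: %d\n", dissect_ipv4(bad_pkt, sizeof bad_pkt, 0, &n));
    return 0;
}
```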