Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d6602858 authored by Subash Abhinov Kasiviswanathan's avatar Subash Abhinov Kasiviswanathan
Browse files

net: flow_dissector: fail on evil iph->ihl 



We don't validate iph->ihl which may lead a dead loop if we meet a IPIP
skb whose iph->ihl is zero. Fix this by failing immediately when iph->ihl
is evil (less than 5).

CRs-Fixed: 589913
Change-Id: Ifd7be75d153d7504704e7ff9d8f63fe3767326d2
Acked-by: default avatarDavid Arinzon <darinzon@qti.qualcomm.com>
Signed-off-by: default avatarSubash Abhinov Kasiviswanathan <subashab@codeaurora.org>
parent 02983880

net/core/flow_dissector.c

+1 −1
Original line number Diff line number Diff line
@@ -40,7 +40,7 @@ again: 
		struct iphdr _iph;

ip:

		iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);

		if (!iph)

		if (!iph || iph->ihl < 5)

			return false;



		if (ip_is_fragment(iph))