Commit c3780fde authored by Sven Eckelmann's avatar Sven Eckelmann Committed by Sasha Levin

batman-adv: Check skb size before using encapsulated ETH+VLAN header

[ Upstream commit c7829666 ]

The encapsulated ethernet and VLAN header may be outside the received
ethernet frame. Thus the skb buffer size has to be checked before it can be
parsed to find out if it encapsulates another batman-adv packet.

Fixes: 42019357 ("batman-adv: softif bridge loop avoidance")
Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: default avatarAntonio Quartulli <a@unstable.cc>
Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
parent aa9be0d6
...@@ -378,11 +378,17 @@ void batadv_interface_rx(struct net_device *soft_iface, ...@@ -378,11 +378,17 @@ void batadv_interface_rx(struct net_device *soft_iface,
*/ */
nf_reset(skb); nf_reset(skb);
if (unlikely(!pskb_may_pull(skb, ETH_HLEN)))
goto dropped;
vid = batadv_get_vid(skb, 0); vid = batadv_get_vid(skb, 0);
ethhdr = eth_hdr(skb); ethhdr = eth_hdr(skb);
switch (ntohs(ethhdr->h_proto)) { switch (ntohs(ethhdr->h_proto)) {
case ETH_P_8021Q: case ETH_P_8021Q:
if (!pskb_may_pull(skb, VLAN_ETH_HLEN))
goto dropped;
vhdr = (struct vlan_ethhdr *)skb->data; vhdr = (struct vlan_ethhdr *)skb->data;
if (vhdr->h_vlan_encapsulated_proto != ethertype) if (vhdr->h_vlan_encapsulated_proto != ethertype)
...@@ -394,8 +400,6 @@ void batadv_interface_rx(struct net_device *soft_iface, ...@@ -394,8 +400,6 @@ void batadv_interface_rx(struct net_device *soft_iface,
} }
/* skb->dev & skb->pkt_type are set here */ /* skb->dev & skb->pkt_type are set here */
if (unlikely(!pskb_may_pull(skb, ETH_HLEN)))
goto dropped;
skb->protocol = eth_type_trans(skb, soft_iface); skb->protocol = eth_type_trans(skb, soft_iface);
/* should not be necessary anymore as we use skb_pull_rcsum() /* should not be necessary anymore as we use skb_pull_rcsum()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment