summaryrefslogtreecommitdiffstats
path: root/scripts/ld-version.sh
diff options
context:
space:
mode:
authorToke Høiland-Jørgensen <toke@redhat.com>2020-07-07 13:03:25 +0200
committerDavid S. Miller <davem@davemloft.net>2020-07-07 15:48:38 -0700
commit469aceddfa3ed16e17ee30533fae45e90f62efd8 (patch)
tree2d2cd732d419bf63db47faa8ff36265d1184ee1d /scripts/ld-version.sh
parentda3287111ab43b32cec54d7ca6b48640f210a196 (diff)
downloadlinux-469aceddfa3ed16e17ee30533fae45e90f62efd8.tar.bz2
vlan: consolidate VLAN parsing code and limit max parsing depth
Toshiaki pointed out that we now have two very similar functions to extract the L3 protocol number in the presence of VLAN tags. And Daniel pointed out that the unbounded parsing loop makes it possible for maliciously crafted packets to loop through potentially hundreds of tags. Fix both of these issues by consolidating the two parsing functions and limiting the VLAN tag parsing to a max depth of 8 tags. As part of this, switch over __vlan_get_protocol() to use skb_header_pointer() instead of pskb_may_pull(), to avoid the possible side effects of the latter and keep the skb pointer 'const' through all the parsing functions. v2: - Use limit of 8 tags instead of 32 (matching XMIT_RECURSION_LIMIT) Reported-by: Toshiaki Makita <toshiaki.makita1@gmail.com> Reported-by: Daniel Borkmann <daniel@iogearbox.net> Fixes: d7bf2ebebc2b ("sched: consistently handle layer3 header accesses in the presence of VLANs") Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'scripts/ld-version.sh')
0 files changed, 0 insertions, 0 deletions