mirror of
https://github.com/torvalds/linux.git
synced 2024-11-14 08:02:07 +00:00
openvswitch: Add length check when retrieving TCP flags.
When collecting TCP flags we check that the IP header indicates that a TCP header is present but not that the packet is actually long enough to contain the header. This adds a check to prevent reading off the end of the packet. In practice, this is only likely to result in reading of bad data and not a crash due to the presence of struct skb_shared_info at the end of the packet. Signed-off-by: Jesse Gross <jesse@nicira.com>
This commit is contained in:
parent
dd775ae254
commit
bf32fecdc1
@ -183,7 +183,8 @@ void ovs_flow_used(struct sw_flow *flow, struct sk_buff *skb)
|
||||
u8 tcp_flags = 0;
|
||||
|
||||
if (flow->key.eth.type == htons(ETH_P_IP) &&
|
||||
flow->key.ip.proto == IPPROTO_TCP) {
|
||||
flow->key.ip.proto == IPPROTO_TCP &&
|
||||
likely(skb->len >= skb_transport_offset(skb) + sizeof(struct tcphdr))) {
|
||||
u8 *tcp = (u8 *)tcp_hdr(skb);
|
||||
tcp_flags = *(tcp + TCP_FLAGS_OFFSET) & TCP_FLAG_MASK;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user