forked from Minki/linux
xfrm: Fix local error reporting crash with interfamily tunnels
We set the outer mode protocol too early. As a result, the local error handler might dispatch to the wrong address family and report the error to a wrong socket type. We fix this by setting the outer protocol to the skb after we accessed the inner mode for the last time, right before we do the atcual encapsulation where we switch finally to the outer mode. Reported-by: Chris Ruehl <chris.ruehl@gtsys.com.hk> Tested-by: Chris Ruehl <chris.ruehl@gtsys.com.hk> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
parent
cd3bafc73d
commit
044a832a77
@ -63,6 +63,7 @@ int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
|
||||
return err;
|
||||
|
||||
IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;
|
||||
skb->protocol = htons(ETH_P_IP);
|
||||
|
||||
return x->outer_mode->output2(x, skb);
|
||||
}
|
||||
@ -71,7 +72,6 @@ EXPORT_SYMBOL(xfrm4_prepare_output);
|
||||
int xfrm4_output_finish(struct sk_buff *skb)
|
||||
{
|
||||
memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
|
||||
skb->protocol = htons(ETH_P_IP);
|
||||
|
||||
#ifdef CONFIG_NETFILTER
|
||||
IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED;
|
||||
|
@ -114,6 +114,7 @@ int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
|
||||
return err;
|
||||
|
||||
skb->ignore_df = 1;
|
||||
skb->protocol = htons(ETH_P_IPV6);
|
||||
|
||||
return x->outer_mode->output2(x, skb);
|
||||
}
|
||||
@ -122,7 +123,6 @@ EXPORT_SYMBOL(xfrm6_prepare_output);
|
||||
int xfrm6_output_finish(struct sk_buff *skb)
|
||||
{
|
||||
memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
|
||||
skb->protocol = htons(ETH_P_IPV6);
|
||||
|
||||
#ifdef CONFIG_NETFILTER
|
||||
IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
|
||||
|
Loading…
Reference in New Issue
Block a user