mirror of
https://github.com/torvalds/linux
synced 2024-09-21 03:28:37 +00:00
[TCP]: Reset gso_segs if packet is dodgy
I wasn't paranoid enough in verifying GSO information. A bogus gso_segs could upset drivers as much as a bogus header would. Let's reset it in the per-protocol gso_segment functions. I didn't verify gso_size because that can be verified by the source of the dodgy packets. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
598736c556
commit
3820c3f3e4
|
@ -2166,13 +2166,19 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int features)
|
||||||
if (!pskb_may_pull(skb, thlen))
|
if (!pskb_may_pull(skb, thlen))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
segs = NULL;
|
|
||||||
if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST))
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
oldlen = (u16)~skb->len;
|
oldlen = (u16)~skb->len;
|
||||||
__skb_pull(skb, thlen);
|
__skb_pull(skb, thlen);
|
||||||
|
|
||||||
|
if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) {
|
||||||
|
/* Packet is from an untrusted source, reset gso_segs. */
|
||||||
|
int mss = skb_shinfo(skb)->gso_size;
|
||||||
|
|
||||||
|
skb_shinfo(skb)->gso_segs = (skb->len + mss - 1) / mss;
|
||||||
|
|
||||||
|
segs = NULL;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
segs = skb_segment(skb, features);
|
segs = skb_segment(skb, features);
|
||||||
if (IS_ERR(segs))
|
if (IS_ERR(segs))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
Loading…
Reference in a new issue