On 05.12.23 09:04, Paolo Abeni wrote: Hi,
I think the above is not strict enough: at this point skb->data points to the gl_packet header. The first 4 bytes in skb are gl_packet-packet_length. To ensure an overflow is avoided you should check for:if (size + 4 > skb->len) likely with a describing comment.
it seems to me that at the time of the check skb->len has already been adjusted by the skb_pull() before, respectively at the end, of the loop. Regards Oliver
