On Thu, Feb 10, 2011 at 10:35:44PM -0800, David Miller wrote:
>
> Herbert how does this look for now?

This should work.

> Of course, we need to do something similar in all kinds of other spots.
>
> Even places like bridging :-/

Yeah every place that does skb->len and skb_is_gso checks will need this.

> +static bool send_frag_needed(struct sk_buff *skb, struct rtable *rt) > +{ > + unsigned int len_to_check = skb->len; > + > + if (skb_is_gso(skb)) { > + unsigned int gso_size = skb_shinfo(skb)->gso_size; > + unsigned int ihl = ip_hdr(skb)->ihl * 4; > + struct tcphdr th_stack, *th; > + > + if (WARN_ON_ONCE(ip_hdr(skb)->protocol != IPPROTO_TCP)) > + return false; > + > + th = skb_header_pointer(skb, ihl, sizeof(th_stack), > + &th_stack); > + if (!th) > + return false; > + > + len_to_check = gso_size + ihl + (th->doff * 4);

I think we need to do some length verifications here because for a malicious guest-generated packet the TCP header may not be present.

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
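Review bot: in the skb_is_gso() branch of send_frag_needed(), `ihl` and `th->doff` come straight from the packet and feed `len_to_check = gso_size + ihl + (th->doff * 4)` with no lower-bound check in the visible lines, so a header with ihl < 5 or doff < 5 makes skb_header_pointer() read at the wrong offset and understates the per-segment length. Suggest rejecting ihl * 4 < sizeof(struct iphdr) and th->doff * 4 < sizeof(struct tcphdr) before the computation. Both failure paths (`protocol != IPPROTO_TCP` and `!th`) also return false, which by the function's name reads as "no frag needed"; if the caller then lets the packet through unchecked, dropping it or falling back to the plain skb->len comparison would be the safer default, and the WARN_ON_ONCE should not be reachable from guest-supplied input.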