mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-26 15:26:38 -05:00
49 lines
1.5 KiB
Diff
49 lines
1.5 KiB
Diff
From ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32 Mon Sep 17 00:00:00 2001
|
|
From: Paolo Abeni <pabeni@redhat.com>
|
|
Date: Tue, 21 Feb 2017 09:33:18 +0100
|
|
Subject: ip: fix IP_CHECKSUM handling
|
|
|
|
The skbs processed by ip_cmsg_recv() are not guaranteed to
|
|
be linear e.g. when sending UDP packets over loopback with
|
|
MSGMORE.
|
|
Using csum_partial() on [potentially] the whole skb len
|
|
is dangerous; instead be on the safe side and use skb_checksum().
|
|
|
|
Thanks to syzkaller team to detect the issue and provide the
|
|
reproducer.
|
|
|
|
v1 -> v2:
|
|
- move the variable declaration in a tighter scope
|
|
|
|
Fixes: ad6f939ab193 ("ip: Add offset parameter to ip_cmsg_recv")
|
|
Reported-by: Andrey Konovalov <andreyknvl@google.com>
|
|
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
|
Acked-by: Eric Dumazet <edumazet@google.com>
|
|
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
---
|
|
net/ipv4/ip_sockglue.c | 8 ++++----
|
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
|
|
index ce1386a..ebd953b 100644
|
|
--- a/net/ipv4/ip_sockglue.c
|
|
+++ b/net/ipv4/ip_sockglue.c
|
|
@@ -116,10 +116,10 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
|
|
if (skb->ip_summed != CHECKSUM_COMPLETE)
|
|
return;
|
|
|
|
- if (offset != 0)
|
|
- csum = csum_sub(csum,
|
|
- csum_partial(skb_transport_header(skb) + tlen,
|
|
- offset, 0));
|
|
+ if (offset != 0) {
|
|
+ int tend_off = skb_transport_offset(skb) + tlen;
|
|
+ csum = csum_sub(csum, skb_checksum(skb, tend_off, offset, 0));
|
|
+ }
|
|
|
|
put_cmsg(msg, SOL_IP, IP_CHECKSUM, sizeof(__wsum), &csum);
|
|
}
|
|
--
|
|
cgit v1.1
|
|
|