diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2006-07-03 19:38:35 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-07-03 19:38:35 -0700 |
commit | bbcf467dab42ea3c85f368df346c82af2fbba665 (patch) | |
tree | e9fe30c1be9c6a3773454bad3eefaabf4f5bee48 /net/ipv6 | |
parent | 6ce1669fdb6b0a0faf9b2e2ba08048b520c57841 (diff) | |
download | kernel-crypto-bbcf467dab42ea3c85f368df346c82af2fbba665.tar.gz kernel-crypto-bbcf467dab42ea3c85f368df346c82af2fbba665.tar.xz kernel-crypto-bbcf467dab42ea3c85f368df346c82af2fbba665.zip |
[NET]: Verify gso_type too in gso_segment
We don't want nasty Xen guests to pass a TCPv6 packet in with gso_type set
to TCPv4 or even UDP (or a packet that's both TCP and UDP).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/ipv6_sockglue.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index c28e5c28744..ec59344478d 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -64,6 +64,14 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, int features) struct inet6_protocol *ops; int proto; + if (unlikely(skb_shinfo(skb)->gso_type & + ~(SKB_GSO_UDP | + SKB_GSO_DODGY | + SKB_GSO_TCP_ECN | + SKB_GSO_TCPV6 | + 0))) + goto out; + if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h)))) goto out; |