esp: Fix GRO when the headers not fully in the linear part of the skb.
The GRO layer does not necessarily pull the complete headers
into the linear part of the skb, a part may remain on the
first page fragment. This can lead to a crash if we try to
pull the headers, so make sure we have them on the linear
part before pulling.

Fixes: 7785bba ("esp: Add a software GRO codepath")
Reported-by: [email protected]
Signed-off-by: Steffen Klassert <[email protected]>
klassert committed Jan 9, 2018
1 parent b1bdcb5 commit 374d1b5
Showing 2 changed files with 4 additions and 2 deletions.
3 changes: 2 additions & 1 deletion net/ipv4/esp4_offload.c
Expand Up @@ -38,7 +38,8 @@ static struct sk_buff **esp4_gro_receive(struct sk_buff **head,
__be32 spi;
int err;

skb_pull(skb, offset);
if (!pskb_pull(skb, offset))
return NULL;

if ((err = xfrm_parse_spi(skb, IPPROTO_ESP, &spi, &seq)) != 0)
goto out;
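Review bot: the new failure branch `if (!pskb_pull(skb, offset)) return NULL;` leaves esp4_gro_receive() directly, while the very next error check takes `goto out`. If that is deliberate because a failed pull has not advanced skb->data and the `out` path would undo a pull that never happened, a one-line comment saying so would help the next reader. The `out` label is not visible in this hunk, so please also confirm that whatever it does for a rejected packet is not needed when the headers cannot be linearized.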
3 changes: 2 additions & 1 deletion net/ipv6/esp6_offload.c
Expand Up @@ -60,7 +60,8 @@ static struct sk_buff **esp6_gro_receive(struct sk_buff **head,
int nhoff;
int err;

skb_pull(skb, offset);
if (!pskb_pull(skb, offset))
return NULL;

if ((err = xfrm_parse_spi(skb, IPPROTO_ESP, &spi, &seq)) != 0)
goto out;
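Review bot: pskb_pull() in esp6_gro_receive() may copy data out of the first page fragment and reallocate the skb head, so any pointer into the packet headers taken before this call would be stale afterwards. The visible context declares only `nhoff` and `err` and caches no such pointer, but the rest of the function is outside this hunk and should be checked for one. The identical two-line check now lives in both net/ipv4/esp4_offload.c and net/ipv6/esp6_offload.c, so the two need to stay in step if the failure handling is changed later.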