Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
packet: handle too big packets for PACKET_V3
af_packet can currently overwrite kernel memory by out of bound accesses, because it assumed a [new] block can always hold one frame. This is not generally the case, even if most existing tools do it right. This patch clamps too long frames as API permits, and issue a one time error on syslog. [ 394.357639] tpacket_rcv: packet too big, clamped from 5042 to 3966. macoff=82 In this example, packet header tp_snaplen was set to 3966, and tp_len was set to 5042 (skb->len) Signed-off-by: Eric Dumazet <[email protected]> Fixes: f6fb8f1 ("af-packet: TPACKET_V3 flexible buffer implementation.") Acked-by: Daniel Borkmann <[email protected]> Acked-by: Neil Horman <[email protected]> Signed-off-by: David S. Miller <[email protected]>
- Loading branch information