| Message ID | 1501471381-12808-1-git-send-email-yujuan.qi@mediatek.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Sun, Jul 30, 2017 at 11:23 PM, Yujuan Qi <yujuan.qi@mediatek.com> wrote: > From: "yujuan.qi" <yujuan.qi@mediatek.com> > > in for(),if((optlen > 0) && (optptr[1] == 0)), enter infinite loop. > > Test: receive a packet which the ip length > 20 and the first byte of ip option is 0, produce this issue > > Signed-off-by: yujuan.qi <yujuan.qi@mediatek.com> > --- > net/ipv4/cipso_ipv4.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) Considering I gave you the code below I should probably ack it, right? ;) Acked-by: Paul Moore <paul@paul-moore.com> > diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c > index ae20616..0d1e07d 100644 > --- a/net/ipv4/cipso_ipv4.c > +++ b/net/ipv4/cipso_ipv4.c > @@ -1523,9 +1523,17 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) > int taglen; > > for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) { > - if (optptr[0] == IPOPT_CIPSO) > + switch (optptr[0]) { > + case IPOPT_CIPSO: > return optptr; > - taglen = optptr[1]; > + case IPOPT_END: > + return NULL; > + case IPOPT_NOOP: > + taglen = 1; > + break; > + default: > + taglen = optptr[1]; > + } > optlen -= taglen; > optptr += taglen; > }
Hi On Mon, 2017-07-31 at 16:13 -0400, Paul Moore wrote: > On Sun, Jul 30, 2017 at 11:23 PM, Yujuan Qi <yujuan.qi@mediatek.com> wrote: > > From: "yujuan.qi" <yujuan.qi@mediatek.com> > > > > in for(),if((optlen > 0) && (optptr[1] == 0)), enter infinite loop. > > > > Test: receive a packet which the ip length > 20 and t he first byte of ip option is 0, produce this issue > > > > Signed-off-by: yujuan.qi <yujuan.qi@mediatek.com> > > --- > > net/ipv4/cipso_ipv4.c | 12 ++++++++++-- > > 1 file changed, 10 insertions(+), 2 deletions(-) > > Considering I gave you the code below I should probably ack it, right? ;) > > Acked-by: Paul Moore <paul@paul-moore.com> Yes! Thanks for your suggestions! > > diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c > > index ae20616..0d1e07d 100644 > > --- a/net/ipv4/cipso_ipv4.c > > +++ b/net/ipv4/cipso_ipv4.c > > @@ -1523,9 +1523,17 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) > > int taglen; > > > > for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) { > > - if (optptr[0] == IPOPT_CIPSO) > > + switch (optptr[0]) { > > + case IPOPT_CIPSO: > > return optptr; > > - taglen = optptr[1]; > > + case IPOPT_END: > > + return NULL; > > + case IPOPT_NOOP: > > + taglen = 1; > > + break; > > + default: > > + taglen = optptr[1]; > > + } > > optlen -= taglen; > > optptr += taglen; > > } >
From: Yujuan Qi <yujuan.qi@mediatek.com> Date: Mon, 31 Jul 2017 11:23:01 +0800 > From: "yujuan.qi" <yujuan.qi@mediatek.com> > > in for(),if((optlen > 0) && (optptr[1] == 0)), enter infinite loop. > > Test: receive a packet which the ip length > 20 and the first byte of ip option is 0, produce this issue > > Signed-off-by: yujuan.qi <yujuan.qi@mediatek.com> Applied, thanks.
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index ae20616..0d1e07d 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c @@ -1523,9 +1523,17 @@ unsigned char *cipso_v4_optptr(const struct sk_buff *skb) int taglen; for (optlen = iph->ihl*4 - sizeof(struct iphdr); optlen > 0; ) { - if (optptr[0] == IPOPT_CIPSO) + switch (optptr[0]) { + case IPOPT_CIPSO: return optptr; - taglen = optptr[1]; + case IPOPT_END: + return NULL; + case IPOPT_NOOP: + taglen = 1; + break; + default: + taglen = optptr[1]; + } optlen -= taglen; optptr += taglen; }