summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Graf <tgraf@suug.ch>2015-07-21 11:43:55 +0300
committerDavid S. Miller <davem@davemloft.net>2015-07-21 20:39:05 +0300
commit773a69d64bf65eb6c212c97e9737963a2cf668fd (patch)
tree2d1f6bbc1cd2d4dce31f1b80d91e0ce7b1339743
parent1d8fff907342d2339796dbd27ea47d0e76a6a2d0 (diff)
downloadlinux-773a69d64bf65eb6c212c97e9737963a2cf668fd.tar.xz
icmp: Don't leak original dst into ip_route_input()
ip_route_input() unconditionally overwrites the dst. Hide the original dst attached to the skb by calling skb_dst_set(skb, NULL) prior to ip_route_input(). Reported-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Thomas Graf <tgraf@suug.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/icmp.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index f5203fba6236..c0556f1e4bf0 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -496,6 +496,7 @@ static struct rtable *icmp_route_lookup(struct net *net,
}
/* Ugh! */
orefdst = skb_in->_skb_refdst; /* save old refdst */
+ skb_dst_set(skb_in, NULL);
err = ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr,
RT_TOS(tos), rt2->dst.dev);