author | Thomas Graf <tgraf@suug.ch> | 2015-07-21 11:43:55 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-07-21 20:39:05 +0300 |
commit | 773a69d64bf65eb6c212c97e9737963a2cf668fd (patch) | |
tree | 2d1f6bbc1cd2d4dce31f1b80d91e0ce7b1339743 | |
parent | 1d8fff907342d2339796dbd27ea47d0e76a6a2d0 (diff) | |
icmp: Don't leak original dst into ip_route_input()
ip_route_input() unconditionally overwrites the dst. Hide the original
dst attached to the skb by calling skb_dst_set(skb, NULL) prior to
ip_route_input().
Reported-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/icmp.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index f5203fba6236..c0556f1e4bf0 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -496,6 +496,7 @@ static struct rtable *icmp_route_lookup(struct net *net, } /* Ugh! */ orefdst = skb_in->_skb_refdst; /* save old refdst */ + skb_dst_set(skb_in, NULL); err = ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr, RT_TOS(tos), rt2->dst.dev); |
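Review bot: the added `skb_dst_set(skb_in, NULL);` in icmp_route_lookup() has no comment, and the only nearby one is `/* Ugh! */`, so a reader of the code cannot tell why the dst is cleared right after it was saved. Consider a one-line comment above the new call stating what the commit message says, that ip_route_input() unconditionally overwrites the dst and the original is hidden from it on purpose. After this line `orefdst` is the only handle on the original dst, and the code that restores it is outside the visible context, so please confirm that every path following ip_route_input(), including the `err` path, writes `orefdst` back into `skb_in->_skb_refdst` and drops whatever dst the lookup attached.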