diff options
author | Willem de Bruijn <willemb@google.com> | 2019-02-15 20:15:47 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-02-16 07:30:37 +0300 |
commit | d5be7f632bad0f489879eed0ff4b99bd7fe0b74c (patch) | |
tree | 611f6b5968dbaed249619d63ec6e060ad10d33c6 /crypto/poly1305_generic.c | |
parent | 3b89ea9c5902acccdbbdec307c85edd1bf52515e (diff) | |
download | linux-d5be7f632bad0f489879eed0ff4b99bd7fe0b74c.tar.xz |
net: validate untrusted gso packets without csum offload
Syzkaller again found a path to a kernel crash through bad gso input.
By building an excessively large packet to cause an skb field to wrap.
If VIRTIO_NET_HDR_F_NEEDS_CSUM was set this would have been dropped in
skb_partial_csum_set.
GSO packets that do not set checksum offload are suspicious and rare.
Most callers of virtio_net_hdr_to_skb already pass them to
skb_probe_transport_header.
Move that test forward, change it to detect parse failure and drop
packets on failure as those cleary are not one of the legitimate
VIRTIO_NET_HDR_GSO types.
Fixes: bfd5f4a3d605 ("packet: Add GSO/csum offload support.")
Fixes: f43798c27684 ("tun: Allow GSO using virtio_net_hdr")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'crypto/poly1305_generic.c')
0 files changed, 0 insertions, 0 deletions