malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

sctp: load transport header after sk_filter

Browse Source 
Do not cache pointers into the skb linear segment across sk_filter.
The function call can trigger pskb_expand_head.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Willem de Bruijn 2016-07-16 17:33:15 -04:00 committed by David S. Miller
parent 0564bf0afa
commit c74bfbdba0
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
net/sctp/input.c
View File

@ -112,7 +112,6 @@ int sctp_rcv(struct sk_buff *skb)
struct sctp_ep_common *rcvr; struct sctp_ep_common *rcvr;
struct sctp_transport *transport = NULL; struct sctp_transport *transport = NULL;
struct sctp_chunk *chunk; struct sctp_chunk *chunk;
struct sctphdr *sh;
union sctp_addr src; union sctp_addr src;
union sctp_addr dest; union sctp_addr dest;
int family; int family;
@ -127,8 +126,6 @@ int sctp_rcv(struct sk_buff *skb)
if (skb_linearize(skb)) if (skb_linearize(skb))
goto discard_it; goto discard_it;
sh = sctp_hdr(skb);
/* Pull up the IP and SCTP headers. */ /* Pull up the IP and SCTP headers. */
__skb_pull(skb, skb_transport_offset(skb)); __skb_pull(skb, skb_transport_offset(skb));
if (skb->len < sizeof(struct sctphdr)) if (skb->len < sizeof(struct sctphdr))
@ -230,7 +227,7 @@ int sctp_rcv(struct sk_buff *skb)
chunk->rcvr = rcvr; chunk->rcvr = rcvr;
/* Remember the SCTP header. */ /* Remember the SCTP header. */
chunk->sctp_hdr = sh; chunk->sctp_hdr = sctp_hdr(skb);
/* Set the source and destination addresses of the incoming chunk. */ /* Set the source and destination addresses of the incoming chunk. */
sctp_init_addrs(chunk, &src, &dest); sctp_init_addrs(chunk, &src, &dest);