| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
[Xen-devel] Re: [Bugme-new] [Bug 16529] New: xennet driver crashes when
|
To: |
Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>, David Miller <davem@xxxxxxxxxxxxx> |
|
Subject: |
[Xen-devel] Re: [Bugme-new] [Bug 16529] New: xennet driver crashes when using with pseudowire aka l2tpv3 |
|
From: |
Eric Dumazet <eric.dumazet@xxxxxxxxx> |
|
Date: |
Thu, 26 Aug 2010 10:03:08 +0200 |
|
Cc: |
Jeremy Fitzhardinge <jeremy@xxxxxxxx>, "Xen-devel@xxxxxxxxxxxxxxxxxxx" <Xen-devel@xxxxxxxxxxxxxxxxxxx>, "netdev@xxxxxxxxxxxxxxx" <netdev@xxxxxxxxxxxxxxx>, "bugzilla-daemon@xxxxxxxxxxxxxxxxxxx" <bugzilla-daemon@xxxxxxxxxxxxxxxxxxx>, James Chapman <jchapman@xxxxxxxxxxx>, Chris Wright <chrisw@xxxxxxxxxxxx>, "bugme-daemon@xxxxxxxxxxxxxxxxxxx" <bugme-daemon@xxxxxxxxxxxxxxxxxxx>, "heil@xxxxxxxxxxxxxxxxxxxxxx" <heil@xxxxxxxxxxxxxxxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> |
|
Delivery-date: |
Thu, 26 Aug 2010 10:14:08 -0700 |
|
Dkim-signature: |
v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:from:to:cc :in-reply-to:references:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; bh=I6uGTomb2MeVmyG/YC1467PFMDdi5UzD0s6+TOj+J34=; b=vn4IPKLaX+rS9yw8ygbNtASZ1UImxqGl1ihoJwthK3TxT2e3EwUtxR3KigSCfJUwCK rCZheVAQVtzvGPrKz3i/Uc8msZHzZaY1Wb9oc5pHe5m/fzVqSZJ5c8m/ZNC/LAidLkDf 8r051xq1i76WlGXCLSyXZb+hOSvDga58+nG64= |
|
Domainkey-signature: |
a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:x-mailer:content-transfer-encoding; b=c20ESYleq0BqFMHHMxycocb7n5n0KGmaZ9OrvvbUQMSfXgA/NblbmGOkXCwsVgYFI7 uxqHsPnMtjOyMEUfdUth2bhTc5iGueUls4FFmZXvLoE20LxMwrn+20mwCSFtUUCbCB5I yEcn9eCTB1y11te/z4Ub117Ixtqlf6WAREz7k= |
|
Envelope-to: |
www-data@xxxxxxxxxxxxxxxxxxx |
|
In-reply-to: |
<1282806640.3469.26.camel@xxxxxxxxxxxxxxxxxxxxx> |
|
List-help: |
<mailto:xen-devel-request@lists.xensource.com?subject=help> |
|
List-id: |
Xen developer discussion <xen-devel.lists.xensource.com> |
|
List-post: |
<mailto:xen-devel@lists.xensource.com> |
|
List-subscribe: |
<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
|
List-unsubscribe: |
<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
|
References: |
<bug-16529-10286@xxxxxxxxxxxxxxxxxxxxxxxxx/> <20100825153107.2f547f0e.akpm@xxxxxxxxxxxxxxxxxxxx> <4C759F8C.9050301@xxxxxxxx> <1282806640.3469.26.camel@xxxxxxxxxxxxxxxxxxxxx> |
|
Sender: |
xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
Here is the patch, could you test it please ?
Thanks !
[PATCH] l2tp: test for malicious frames in l2tp_eth_dev_recv()
close https://bugzilla.kernel.org/show_bug.cgi?id=16529
Before calling dev_forward_skb(), we should make sure skb contains at
least an ethernet header, even if length included in upper layer said
so.
Reported-by: Thomas Heil <heil@xxxxxxxxxxxxxxxxxxxxxx>
Reported-by: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
---
net/l2tp/l2tp_core.c | 2 +-
net/l2tp/l2tp_eth.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c
index 58c6c4c..0687c5c 100644
--- a/net/l2tp/l2tp_eth.c
+++ b/net/l2tp/l2tp_eth.c
@@ -132,7 +132,7 @@ static void l2tp_eth_dev_recv(struct l2tp_session *session,
struct sk_buff *skb,
printk("\n");
}
- if (data_len < ETH_HLEN)
+ if (skb->len < ETH_HLEN)
goto error;
secpath_reset(skb);
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
| |
|
Home