On Thu, 2010-08-26 at 09:03 +0100, Eric Dumazet wrote:
> Here is the patch, could you test it please ?
>
> Thanks !
>
> [PATCH] l2tp: test for malicious frames in l2tp_eth_dev_recv()
>
> close https://bugzilla.kernel.org/show_bug.cgi?id=16529
>
> Before calling dev_forward_skb(), we should make sure skb contains at
> least an ethernet header, even if length included in upper layer said
> so.
Does this imply that there is some problem with xen-netfront setting
skb->len or skb->data_len or something incorrectly? It's not clear where
data_len has come from in this context.
Ian.
>
> Reported-by: Thomas Heil <heil@xxxxxxxxxxxxxxxxxxxxxx>
> Reported-by: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>
> Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
> ---
> net/l2tp/l2tp_core.c | 2 +-
> net/l2tp/l2tp_eth.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c
> index 58c6c4c..0687c5c 100644
> --- a/net/l2tp/l2tp_eth.c
> +++ b/net/l2tp/l2tp_eth.c
> @@ -132,7 +132,7 @@ static void l2tp_eth_dev_recv(struct l2tp_session
> *session, struct sk_buff *skb,
> printk("\n");
> }
>
> - if (data_len < ETH_HLEN)
> + if (skb->len < ETH_HLEN)
> goto error;
>
> secpath_reset(skb);
>
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home