git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Willem de Bruijn <willemb@google.com>
	Thu, 10 Mar 2016 02:58:32 +0000 (21:58 -0500)
committer	Tim Gardner <tim.gardner@canonical.com>
	Thu, 21 Apr 2016 13:20:26 +0000 (07:20 -0600)
commit	0780eb5e0b2f578a75bdc9d83bae263a60f8c626
tree	1de2e8f75a90661c7b1fac1be74098971c3b90ed	tree
parent	2c522c72a53451c087a852199f5b50ba9d6b465d	commit \| diff

net: validate variable length ll headers

BugLink: http://bugs.launchpad.net/bugs/1573034
[ Upstream commit 2793a23aacbd754dbbb5cb75093deb7e4103bace ]

Netdevice parameter hard_header_len is variously interpreted both as
an upper and lower bound on link layer header length. The field is
used as upper bound when reserving room at allocation, as lower bound
when validating user input in PF_PACKET.

Clarify the definition to be maximum header length. For validation
of untrusted headers, add an optional validate member to header_ops.

Allow bypassing of validation by passing CAP_SYS_RAWIO, for instance
for deliberate testing of corrupt input. In this case, pad trailing
bytes, as some device drivers expect completely initialized headers.

See also http://comments.gmane.org/gmane.linux.network/401064

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>