git.proxmox.com Git - ovs.git/commit

author	Greg Rose <gvrose8192@gmail.com>
	Tue, 9 Jul 2019 15:25:02 +0000 (08:25 -0700)
committer	Ben Pfaff <blp@ovn.org>
	Wed, 10 Jul 2019 20:04:27 +0000 (13:04 -0700)
commit	b68d6deaa0e23b9083714ec1c89c10c7a62fa595
tree	5b8b58cafff4b57d66a037dca5decef8ae75b0c6	tree
parent	ec61d4707b440ca03413624d3e88edfc23686883	commit \| diff

compat: ip6_gre: fix possible use-after-free in ip6erspan_rcv

Upstream commit:
    commit 2a3cabae4536edbcb21d344e7aa8be7a584d2afb
    Author: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
    Date:   Sat Apr 6 17:16:53 2019 +0200

    net: ip6_gre: fix possible use-after-free in ip6erspan_rcv

    erspan_v6 tunnels run __iptunnel_pull_header on received skbs to remove
    erspan header. This can determine a possible use-after-free accessing
    pkt_md pointer in ip6erspan_rcv since the packet will be 'uncloned'
    running pskb_expand_head if it is a cloned gso skb (e.g if the packet has
    been sent though a veth device). Fix it resetting pkt_md pointer after
    __iptunnel_pull_header

Fixes: 1d7e2ed22f8d ("net: erspan: refactor existing erspan code")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes: c387d8177f20 ("compat: Add ipv6 GRE and IPV6 Tunneling")
Cc: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>