Eric Lee / smarc-ti-linux-kernel

Download as
Browse Code ยป

Commit f1fb521f7d94c35e278d76a9198f078223f26799

Authored by Thomas Graf
Committed by David S. Miller
1 parent bb1553c800
Exists in ti-lsk-linux-4.1.y and in 10 other branches dlt-processor-sdk-linux-03.00.00.04, processor-sdk-linux-02.00.01, smarc-ti-lsk-linux-4.1.y, smarct3x-processor-sdk-04.01.00.06, smarct3x-processor-sdk-linux-02.00.01, smarct3x-processor-sdk-linux-03.00.00.04, smarct4x-800-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-04.01.00.06, smarct4x-processor-sdk-linux-02.00.01, smarct4x-processor-sdk-linux-03.00.00.04

ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() 

The encap->type comes straight from Netlink. Validate it against
max supported encap types just like ip_encap_hlen() already does.

Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)")
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 3 additions and 0 deletions Side-by-side Diff

net/ipv4/ip_tunnel.c
Diff comments   View file @ f1fb521
... ... @@ -573,6 +573,9 @@
573 573 if (t->encap.type == TUNNEL_ENCAP_NONE)
574 574 return 0;
575 575  
  576 + if (t->encap.type >= MAX_IPTUN_ENCAP_OPS)
  577 + return -EINVAL;
  578 +
576 579 rcu_read_lock();
577 580 ops = rcu_dereference(iptun_encaps[t->encap.type]);
578 581 if (likely(ops && ops->build_header))