Re: [PATCH][MCAST]IPv6: Check packet size when process MulticastAddress and Source Specific Query
From: YOSHIFUJI Hideaki / 吉藤英明
Date: Mon Oct 31 2005 - 00:27:15 EST
In article <4365A995.3050404@xxxxxxxx> (at Mon, 31 Oct 2005 13:20:21 +0800), Yan Zheng <yanzheng@xxxxxxxx> says:
>
> Signed-off-by: Yan Zheng <yanzheng@xxxxxxxx>
>
> Index: net/ipv6/mcast.c
> ================================================================================
> --- linux-2.6.14/net/ipv6/mcast.c 2005-10-30 23:09:33.000000000 +0800
> +++ linux/net/ipv6/mcast.c 2005-10-31 13:13:10.000000000 +0800
> @@ -1156,7 +1156,12 @@ int igmp6_event_query(struct sk_buff *sk
> return 0;
> }
> /* mark sources to include, if group & source-specific */
> - mark = mlh2->nsrcs != 0;
> + if (mlh2->nsrcs != 0) {
> + if (!pskb_may_pull(skb, mlh2->nsrcs * sizeof(struct in6_addr) +
> + (sizeof(struct mld2_query) - sizeof(struct icmp6hdr))))
> + return -EINVAL;
> + mark = 1;
> + }
> } else {
> in6_dev_put(idev);
> return -EINVAL;
You cannot continue using mlh2, local copy of skb->h.raw
after pskb_may_pull(). Please refresh it.
--yoshfuji
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/