review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Stefan Nuernberger <snu@amazon.com>
	Mon, 17 Sep 2018 17:46:53 +0000 (19:46 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 13 Nov 2018 19:15:04 +0000 (11:15 -0800)
commit	1d982ccf0e67d9248a10a5aab1f3d96825099a19
tree	58713f0021b625ba6ad2e7d1f9d5dc6cdc46042e	tree \| snapshot
parent	0c38cad1d15004c2d6dc188a6f3f362a98883334	commit \| diff

net/ipv4: defensive cipso option parsing

commit 076ed3da0c9b2f88d9157dbe7044a45641ae369e upstream.

commit 40413955ee26 ("Cipso: cipso_v4_optptr enter infinite loop") fixed
a possible infinite loop in the IP option parsing of CIPSO. The fix
assumes that ip_options_compile filtered out all zero length options and
that no other one-byte options beside IPOPT_END and IPOPT_NOOP exist.
While this assumption currently holds true, add explicit checks for zero
length and invalid length options to be safe for the future. Even though
ip_options_compile should have validated the options, the introduction of
new one-byte options can still confuse this code without the additional
checks.

Signed-off-by: Stefan Nuernberger <snu@amazon.com>
Cc: David Woodhouse <dwmw@amazon.co.uk>
Cc: Simon Veith <sveith@amazon.de>
Cc: stable@vger.kernel.org
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>