review.tizen.org Git - profile/common/kernel-common.git/commit

author	Eric Dumazet <edumazet@google.com>
	Fri, 15 Aug 2014 16:16:04 +0000 (09:16 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 15 Oct 2014 06:36:40 +0000 (08:36 +0200)
commit	454116bc37dfc7f98bd48ee83337b4d4d183a300
tree	6cbd976d45528a69efe8265d6c8a9f320dd95af5	tree \| snapshot
parent	867f806f21c1d071cfe569d7e8a6583adf0b6bb9	commit \| diff

packet: handle too big packets for PACKET_V3

[ Upstream commit dc808110bb62b64a448696ecac3938902c92e1ab ]

af_packet can currently overwrite kernel memory by out of bound
accesses, because it assumed a [new] block can always hold one frame.

This is not generally the case, even if most existing tools do it right.

This patch clamps too long frames as API permits, and issue a one time
error on syslog.

[ 394.357639] tpacket_rcv: packet too big, clamped from 5042 to 3966. macoff=82

In this example, packet header tp_snaplen was set to 3966,
and tp_len was set to 5042 (skb->len)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/packet/af_packet.c		diff \| blob \| history
net/packet/internal.h		diff \| blob \| history