projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b8ce0e6)
tipc: Fix potential OOB in tipc_link_proto_rcv()
authorYueHaibing <yuehaibing@huawei.com>
Sat, 3 Dec 2022 09:46:35 +0000 (17:46 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 14 Dec 2022 10:37:28 +0000 (11:37 +0100)
[ Upstream commit 743117a997bbd4840e827295c07e59bcd7f7caa3 ]

Fix the potential risk of OOB if skb_linearize() fails in
tipc_link_proto_rcv().

Fixes: 5cbb28a4bf65 ("tipc: linearize arriving NAME_DISTR and LINK_PROTO buffers")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Link: https://lore.kernel.org/r/20221203094635.29024-1-yuehaibing@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/tipc/link.c patch | blob | history

diff --git a/net/tipc/link.c b/net/tipc/link.c
index 115a4a7..8fdd3b2 100644 (file)
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -2223,7 +2223,9 @@ static int tipc_link_proto_rcv(struct tipc_link *l, struct sk_buff *skb,
        if (tipc_own_addr(l->net) > msg_prevnode(hdr))
                l->net_plane = msg_net_plane(hdr);
 
-       skb_linearize(skb);
+       if (skb_linearize(skb))
+               goto exit;
+
        hdr = buf_msg(skb);
        data = msg_data(hdr);
 
Domain: System / Kernel;