From: David S. Miller <davem@davemloft.net>
Date: Thu, 12 Jul 2012 15:06:04 +0000 (-0700)
Subject: ipv4: Put proper checks into icmp_socket_deliver().
X-Git-Tag: upstream/snapshot3+hdmi~6997^2~196
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f0a70e902f483295a8b6d74ef4393bc577b703d7;p=platform%2Fadaptation%2Frenesas_rcar%2Frenesas_kernel.git

ipv4: Put proper checks into icmp_socket_deliver().

All handler->err() routines expect that we've done a pskb_may_pull()
test to make sure that IP header length + 8 bytes can be safely
pulled.

Reported-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index d01aeb4..ea3a996 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -640,6 +640,12 @@ static void icmp_socket_deliver(struct sk_buff *skb, u32 info)
 	const struct net_protocol *ipprot;
 	int protocol = iph->protocol;
 
+	/* Checkin full IP header plus 8 bytes of protocol to
+	 * avoid additional coding at protocol handlers.
+	 */
+	if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
+		return;
+
 	raw_icmp_error(skb, protocol, info);
 
 	rcu_read_lock();
@@ -733,12 +739,6 @@ static void icmp_unreach(struct sk_buff *skb)
 		goto out;
 	}
 
-	/* Checkin full IP header plus 8 bytes of protocol to
-	 * avoid additional coding at protocol handlers.
-	 */
-	if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
-		goto out;
-
 	icmp_socket_deliver(skb, info);
 
 out: