Unverified Commit 27fb9c3c authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!14159 netfilter: nft_payload: sanitize offset and length before calling skb_checksum() 

Merge Pull Request from: @ci-robot 
 
PR sync from: Dong Chenchen <dongchenchen2@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/HVW7KY7TIRIC3A477TYSWDH7AAV5EXL3/ 
 
https://gitee.com/src-openeuler/kernel/issues/IB37AM 
 
Link:https://gitee.com/openeuler/kernel/pulls/14159

 

Reviewed-by: default avatarYuan Can <yuancan@huawei.com>
Reviewed-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
Signed-off-by: default avatarYuan Can <yuancan@huawei.com>
parents c61b557e 4cb3f5b8

net/netfilter/nft_payload.c

+3 −0
Original line number Diff line number Diff line
@@ -306,6 +306,9 @@ static void nft_payload_set_eval(const struct nft_expr *expr, 
	if ((priv->csum_type == NFT_PAYLOAD_CSUM_INET || priv->csum_flags) &&

	    (priv->base != NFT_PAYLOAD_TRANSPORT_HEADER ||

	     skb->ip_summed != CHECKSUM_PARTIAL)) {

		if (offset + priv->len > skb->len)

			goto err;



		fsum = skb_checksum(skb, offset, priv->len, 0);

		tsum = csum_partial(src, priv->len, 0);