Unverified Commit 2915e243 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!5063 dccp: fix dccp_v4_err()/dccp_v6_err() again 

Merge Pull Request from: @ci-robot 
 
PR sync from: Ziyang Xuan <william.xuanziyang@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/M73KYWAT52CWBZMCIBW7BJCHH7FLMRXM/ 
 
https://gitee.com/src-openeuler/kernel/issues/I95AT6 
 
Link:https://gitee.com/openeuler/kernel/pulls/5063

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents f91609f4 d5789d4d

net/dccp/ipv4.c

+2 −7
Original line number Diff line number Diff line
@@ -243,13 +243,8 @@ static int dccp_v4_err(struct sk_buff *skb, u32 info) 
	int err;

	struct net *net = dev_net(skb->dev);



	/* For the first __dccp_basic_hdr_len() check, we only need dh->dccph_x,

	 * which is in byte 7 of the dccp header.

	 * Our caller (icmp_socket_deliver()) already pulled 8 bytes for us.

	 *

	 * Later on, we want to access the sequence number fields, which are

	 * beyond 8 bytes, so we have to pskb_may_pull() ourselves.

	 */

	if (!pskb_may_pull(skb, offset + sizeof(*dh)))

		return -EINVAL;

	dh = (struct dccp_hdr *)(skb->data + offset);

	if (!pskb_may_pull(skb, offset + __dccp_basic_hdr_len(dh)))

		return -EINVAL;

net/dccp/ipv6.c

+2 −7
Original line number Diff line number Diff line
@@ -76,13 +76,8 @@ static int dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 
	__u64 seq;

	struct net *net = dev_net(skb->dev);



	/* For the first __dccp_basic_hdr_len() check, we only need dh->dccph_x,

	 * which is in byte 7 of the dccp header.

	 * Our caller (icmpv6_notify()) already pulled 8 bytes for us.

	 *

	 * Later on, we want to access the sequence number fields, which are

	 * beyond 8 bytes, so we have to pskb_may_pull() ourselves.

	 */

	if (!pskb_may_pull(skb, offset + sizeof(*dh)))

		return -EINVAL;

	dh = (struct dccp_hdr *)(skb->data + offset);

	if (!pskb_may_pull(skb, offset + __dccp_basic_hdr_len(dh)))

		return -EINVAL;