Unverified Commit 4fee6fde authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!4662 v3 CVE-2023-52435 

Merge Pull Request from: @ci-robot 
 
PR sync from: Ziyang Xuan <william.xuanziyang@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/YJ4EFRQOTDCI2FUB34R6Q4QEE7Y4Q42F/ 
Patchset for CVE-2023-52435.

v3:
  - Fix comment head of patch 2.

v2:
  - Fix comment head of patch 1.
  - Fix compile warning of patch 1.

Eric Dumazet (1):
  net: prevent mss overflow in skb_segment()

Ziyang Xuan (1):
  net: Fix compile warning in skb_segment()


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/I92HXW 
 
Link:https://gitee.com/openeuler/kernel/pulls/4662

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents 6201b1cd 7ef626ca

net/core/skbuff.c

+2 −1
Original line number Diff line number Diff line
@@ -3955,8 +3955,9 @@ struct sk_buff *skb_segment(struct sk_buff *head_skb, 
		/* GSO partial only requires that we trim off any excess that

		 * doesn't fit into an MSS sized block, so take care of that

		 * now.

		 * Cap len to not accidentally hit GSO_BY_FRAGS.

		 */

		partial_segs = len / mss;

		partial_segs = min(len, (unsigned int)(GSO_BY_FRAGS - 1)) / mss;

		if (partial_segs > 1)

			mss *= partial_segs;

		else