!8886 CVE-2024-36933 (64608431) · Commits · EulixOS / Software / Kernel

net/nsh/nsh.c

+10 −10

Original line number	Diff line number	Diff line
		@@ -76,14 +76,15 @@ EXPORT_SYMBOL_GPL(nsh_pop);
		static struct sk_buff nsh_gso_segment(struct sk_buff skb,
		netdev_features_t features)
		{
		unsigned int outer_hlen, mac_len, nsh_len;
		struct sk_buff *segs = ERR_PTR(-EINVAL);
		unsigned int nsh_len, mac_len;
		__be16 proto;
		int nhoff;
		u16 mac_offset = skb->mac_header;
		__be16 outer_proto, proto;

		skb_reset_network_header(skb);

		nhoff = skb->network_header - skb->mac_header;
		outer_proto = skb->protocol;
		outer_hlen = skb_mac_header_len(skb);
		mac_len = skb->mac_len;

		if (unlikely(!pskb_may_pull(skb, NSH_BASE_HDR_LEN)))
		@@ -108,16 +109,15 @@ static struct sk_buff nsh_gso_segment(struct sk_buff skb,
		segs = skb_mac_gso_segment(skb, features);
		if (IS_ERR_OR_NULL(segs)) {
		skb_gso_error_unwind(skb, htons(ETH_P_NSH), nsh_len,
		skb->network_header - nhoff,
		mac_len);
		mac_offset, mac_len);
		goto out;
		}

		for (skb = segs; skb; skb = skb->next) {
		skb->protocol = htons(ETH_P_NSH);
		__skb_push(skb, nsh_len);
		skb_set_mac_header(skb, -nhoff);
		skb->network_header = skb->mac_header + mac_len;
		skb->protocol = outer_proto;
		__skb_push(skb, nsh_len + outer_hlen);
		skb_reset_mac_header(skb);
		skb_set_network_header(skb, outer_hlen);
		skb->mac_len = mac_len;
		}