Commit cffd8a45 authored by Liu Jian's avatar Liu Jian Committed by Laibin Qiu
Browse files

bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes 

stable inclusion
from stable-4.19.246
commit 22771d3095deeca0d2aefd55999fa8a50caea3cd
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5FNPY


CVE: NA

--------------------------------

commit 45969b41 upstream.

The data length of skb frags + frag_list may be greater than 0xffff, and
skb_header_pointer can not handle negative offset. So, here INT_MAX is used
to check the validity of offset. Add the same change to the related function
skb_store_bytes.

Fixes: 05c74e5e ("bpf: add bpf_skb_load_bytes helper")
Signed-off-by: default avatarLiu Jian <liujian56@huawei.com>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Acked-by: default avatarSong Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20220416105801.88708-2-liujian56@huawei.com


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarYongqiang Liu <liuyongqiang13@huawei.com>
Signed-off-by: default avatarLaibin Qiu <qiulaibin@huawei.com>
parent 8c25a2b9
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment