Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / f0a70e902f483295a8b6d74ef4393bc577b703d7^! / .
commitf0a70e902f483295a8b6d74ef4393bc577b703d7[log] [tgz]
authorDavid S. Miller <davem@davemloft.net>Thu Jul 12 08:06:04 2012 -0700
committerDavid S. Miller <davem@davemloft.net>Thu Jul 12 08:06:04 2012 -0700
tree900ea41b4306d7bdca7e1ff6db23e36e889a6073
parent065f5f9749202cf91dae6f39ad7e9fe8801023b5 [diff]
ipv4: Put proper checks into icmp_socket_deliver().

All handler->err() routines expect that we've done a pskb_may_pull()
test to make sure that IP header length + 8 bytes can be safely
pulled.

Reported-by: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index d01aeb4..ea3a996 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c

@@ -640,6 +640,12 @@
 	const struct net_protocol *ipprot;
 	int protocol = iph->protocol;
 
+	/* Checkin full IP header plus 8 bytes of protocol to
+	 * avoid additional coding at protocol handlers.
+	 */
+	if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
+		return;
+
 	raw_icmp_error(skb, protocol, info);
 
 	rcu_read_lock();
@@ -733,12 +739,6 @@
 		goto out;
 	}
 
-	/* Checkin full IP header plus 8 bytes of protocol to
-	 * avoid additional coding at protocol handlers.
-	 */
-	if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
-		goto out;
-
 	icmp_socket_deliver(skb, info);
 
 out: