Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / ff9a57a62afbbe2d0f3a09af321f1fd7645f38a5
commitff9a57a62afbbe2d0f3a09af321f1fd7645f38a5[log] [tgz]
authorLinus Lüssing <linus.luessing@web.de>Sat Mar 26 20:27:24 2011 +0000
committerDavid S. Miller <davem@davemloft.net>Wed Mar 30 02:28:20 2011 -0700
tree74a3d7cf9a7b10ad042eccf6adacf30aae8c7c15
parentfd1d9188f2cb81fe63c789d9f5463dca402ade12 [diff]
bridge: mcast snooping, fix length check of snooped MLDv1/2

"len = ntohs(ip6h->payload_len)" does not include the length of the ipv6
header itself, which the rest of this function assumes, though.

This leads to a length check less restrictive as it should be in the
following line for one thing. For another, it very likely leads to an
integer underrun when substracting the offset and therefore to a very
high new value of 'len' due to its unsignedness. This will ultimately
lead to the pskb_trim_rcsum() practically never being called, even in
the cases where it should.

Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: 74a3d7cf9a7b10ad042eccf6adacf30aae8c7c15
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS