[v5 PATCH 01/14] xfrm: ipcomp: Call pskb_may_pull in ipcomp_input
Herbert Xu
herbert at gondor.apana.org.au
Sat Mar 15 03:30:19 PDT 2025
If a malformed packet is received there may not be enough data
to pull. This isn't a problem in practice because the caller
has already done xfrm_parse_spi which in effect does the same
thing.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Acked-by: Steffen Klassert <steffen.klassert at secunet.com>
---
net/xfrm/xfrm_ipcomp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
index 9c0fa0e1786a..43eae94e4b0e 100644
--- a/net/xfrm/xfrm_ipcomp.c
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -97,6 +97,9 @@ int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
int err = -ENOMEM;
struct ip_comp_hdr *ipch;
+ if (!pskb_may_pull(skb, sizeof(*ipch)))
+ return -EINVAL;
+
if (skb_linearize_cow(skb))
goto out;
--
2.39.5
More information about the linux-mtd
mailing list