Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

ipv6: l2tp: fix a potential issue in l2tp_ip6_recv

pskb_may_pull() can change skb->data, so we have to load ptr/optr at the
right place.

Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Haishuang Yan 9 years ago
parent
5745b8232e
commit
be447f3054
1 changed files with 5 additions and 3 deletions
Split View Show Diff Stats
  1. 5 3
      net/l2tp/l2tp_ip6.c

+ 5 - 3
net/l2tp/l2tp_ip6.c
View File 

@@ -136,12 +136,11 @@ static int l2tp_ip6_recv(struct sk_buff *skb)
 
 	struct l2tp_tunnel *tunnel = NULL;
 
 	int length;
 
 
-	/* Point to L2TP header */
 
-	optr = ptr = skb->data;
 
-
 
 	if (!pskb_may_pull(skb, 4))
 
 		goto discard;
 
 
+	/* Point to L2TP header */
 
+	optr = ptr = skb->data;
 
 	session_id = ntohl(*((__be32 *) ptr));
 
 	ptr += 4;
 
 
@@ -169,6 +168,9 @@ static int l2tp_ip6_recv(struct sk_buff *skb)
 
 		if (!pskb_may_pull(skb, length))
 
 			goto discard;
 
 
+		/* Point to L2TP header */
 
+		optr = ptr = skb->data;
 
+		ptr += 4;
 
 		pr_debug("%s: ip recv\n", tunnel->name);
 
 		print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, ptr, length);
 
 	}