aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorStephen Hemminger <shemminger@osdl.org>2006-08-26 23:28:30 -0400
committerDavid S. Miller <davem@davemloft.net>2006-08-26 23:28:30 -0400
commit3a13813e6effcfad5910d47b15b724621b50b878 (patch)
tree30aaf88578ee23b0a1c0f90e7ee1100244d62415 /include/linux
parent8dbc16033e35c7443cd56cb5ba308bb19cb7b469 (diff)
[BRIDGE] netfilter: memory corruption fix
The bridge-netfilter code will overwrite memory if there is not headroom in the skb to save the header. This first showed up when using Xen with sky2 driver that doesn't allocate the extra space. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter_bridge.h14
1 files changed, 12 insertions, 2 deletions
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index 10c13dc4665b..427c67ff89e9 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -48,15 +48,25 @@ enum nf_br_hook_priorities {
48 48
49/* Only used in br_forward.c */ 49/* Only used in br_forward.c */
50static inline 50static inline
51void nf_bridge_maybe_copy_header(struct sk_buff *skb) 51int nf_bridge_maybe_copy_header(struct sk_buff *skb)
52{ 52{
53 int err;
54
53 if (skb->nf_bridge) { 55 if (skb->nf_bridge) {
54 if (skb->protocol == __constant_htons(ETH_P_8021Q)) { 56 if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
57 err = skb_cow(skb, 18);
58 if (err)
59 return err;
55 memcpy(skb->data - 18, skb->nf_bridge->data, 18); 60 memcpy(skb->data - 18, skb->nf_bridge->data, 18);
56 skb_push(skb, 4); 61 skb_push(skb, 4);
57 } else 62 } else {
63 err = skb_cow(skb, 16);
64 if (err)
65 return err;
58 memcpy(skb->data - 16, skb->nf_bridge->data, 16); 66 memcpy(skb->data - 16, skb->nf_bridge->data, 16);
67 }
59 } 68 }
69 return 0;
60} 70}
61 71
62/* This is called by the IP fragmenting code and it ensures there is 72/* This is called by the IP fragmenting code and it ensures there is