aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--drivers/net/bonding/bond_main.c5
-rw-r--r--include/linux/if_arp.h6
-rw-r--r--net/core/netpoll.c6
-rw-r--r--net/ipv4/arp.c9
-rw-r--r--net/ipv4/ipconfig.c5
-rw-r--r--net/ipv4/netfilter/arp_tables.c5
6 files changed, 14 insertions, 22 deletions
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 966643473da7..5fc9d8d58ece 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -2646,10 +2646,7 @@ static int bond_arp_rcv(struct sk_buff *skb, struct net_device *dev, struct pack
2646 if (!slave || !slave_do_arp_validate(bond, slave)) 2646 if (!slave || !slave_do_arp_validate(bond, slave))
2647 goto out_unlock; 2647 goto out_unlock;
2648 2648
2649 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 2649 if (!pskb_may_pull(skb, arp_hdr_len(dev)))
2650 if (!pskb_may_pull(skb, (sizeof(struct arphdr) +
2651 (2 * dev->addr_len) +
2652 (2 * sizeof(u32)))))
2653 goto out_unlock; 2650 goto out_unlock;
2654 2651
2655 arp = arp_hdr(skb); 2652 arp = arp_hdr(skb);
diff --git a/include/linux/if_arp.h b/include/linux/if_arp.h
index 296e8e86e91d..4d3401812e6c 100644
--- a/include/linux/if_arp.h
+++ b/include/linux/if_arp.h
@@ -156,6 +156,12 @@ static inline struct arphdr *arp_hdr(const struct sk_buff *skb)
156{ 156{
157 return (struct arphdr *)skb_network_header(skb); 157 return (struct arphdr *)skb_network_header(skb);
158} 158}
159
160static inline int arp_hdr_len(struct net_device *dev)
161{
162 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */
163 return sizeof(struct arphdr) + (dev->addr_len + sizeof(u32)) * 2;
164}
159#endif 165#endif
160 166
161#endif /* _LINUX_IF_ARP_H */ 167#endif /* _LINUX_IF_ARP_H */
diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index 6faa128a4c8e..7ae98659d79d 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -384,9 +384,7 @@ static void arp_reply(struct sk_buff *skb)
384 if (skb->dev->flags & IFF_NOARP) 384 if (skb->dev->flags & IFF_NOARP)
385 return; 385 return;
386 386
387 if (!pskb_may_pull(skb, (sizeof(struct arphdr) + 387 if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
388 (2 * skb->dev->addr_len) +
389 (2 * sizeof(u32)))))
390 return; 388 return;
391 389
392 skb_reset_network_header(skb); 390 skb_reset_network_header(skb);
@@ -414,7 +412,7 @@ static void arp_reply(struct sk_buff *skb)
414 ipv4_is_loopback(tip) || ipv4_is_multicast(tip)) 412 ipv4_is_loopback(tip) || ipv4_is_multicast(tip))
415 return; 413 return;
416 414
417 size = sizeof(struct arphdr) + 2 * (skb->dev->addr_len + 4); 415 size = arp_hdr_len(skb->dev);
418 send_skb = find_skb(np, size + LL_RESERVED_SPACE(np->dev), 416 send_skb = find_skb(np, size + LL_RESERVED_SPACE(np->dev),
419 LL_RESERVED_SPACE(np->dev)); 417 LL_RESERVED_SPACE(np->dev));
420 418
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 8e17f65f4002..69e80bd9774a 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -570,14 +570,13 @@ struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
570 * Allocate a buffer 570 * Allocate a buffer
571 */ 571 */
572 572
573 skb = alloc_skb(sizeof(struct arphdr)+ 2*(dev->addr_len+4) 573 skb = alloc_skb(arp_hdr_len(dev) + LL_RESERVED_SPACE(dev), GFP_ATOMIC);
574 + LL_RESERVED_SPACE(dev), GFP_ATOMIC);
575 if (skb == NULL) 574 if (skb == NULL)
576 return NULL; 575 return NULL;
577 576
578 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 577 skb_reserve(skb, LL_RESERVED_SPACE(dev));
579 skb_reset_network_header(skb); 578 skb_reset_network_header(skb);
580 arp = (struct arphdr *) skb_put(skb,sizeof(struct arphdr) + 2*(dev->addr_len+4)); 579 arp = (struct arphdr *) skb_put(skb, arp_hdr_len(dev));
581 skb->dev = dev; 580 skb->dev = dev;
582 skb->protocol = htons(ETH_P_ARP); 581 skb->protocol = htons(ETH_P_ARP);
583 if (src_hw == NULL) 582 if (src_hw == NULL)
@@ -916,9 +915,7 @@ static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
916 goto freeskb; 915 goto freeskb;
917 916
918 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 917 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */
919 if (!pskb_may_pull(skb, (sizeof(struct arphdr) + 918 if (!pskb_may_pull(skb, arp_hdr_len(dev)))
920 (2 * dev->addr_len) +
921 (2 * sizeof(u32)))))
922 goto freeskb; 919 goto freeskb;
923 920
924 arp = arp_hdr(skb); 921 arp = arp_hdr(skb);
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index c90e75a66e81..f84041d1f623 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -459,10 +459,7 @@ ic_rarp_recv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
459 if (rarp->ar_pro != htons(ETH_P_IP)) 459 if (rarp->ar_pro != htons(ETH_P_IP))
460 goto drop; 460 goto drop;
461 461
462 if (!pskb_may_pull(skb, 462 if (!pskb_may_pull(skb, arp_hdr_len(dev)))
463 sizeof(struct arphdr) +
464 (2 * dev->addr_len) +
465 (2 * 4)))
466 goto drop; 463 goto drop;
467 464
468 /* OK, it is all there and looks valid, process... */ 465 /* OK, it is all there and looks valid, process... */
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index a7591ce344d2..9b5904486184 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -233,10 +233,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
233 void *table_base; 233 void *table_base;
234 struct xt_table_info *private; 234 struct xt_table_info *private;
235 235
236 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 236 if (!pskb_may_pull(skb, arp_hdr_len(skb->dev)))
237 if (!pskb_may_pull(skb, (sizeof(struct arphdr) +
238 (2 * skb->dev->addr_len) +
239 (2 * sizeof(u32)))))
240 return NF_DROP; 237 return NF_DROP;
241 238
242 indev = in ? in->name : nulldevname; 239 indev = in ? in->name : nulldevname;
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-30 13:40:50 -0500