From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Sabrina Dubroca <sd@queasysnail.net>,
Eric Dumazet <edumazet@google.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.18 09/42] ip6_gre: fix endianness errors in ip6gre_err
Date: Sun, 24 Sep 2017 22:27:44 +0200 [thread overview]
Message-ID: <20170924202650.353993792@linuxfoundation.org> (raw)
In-Reply-To: <20170924202649.994060798@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabrina Dubroca <sd@queasysnail.net>
commit d1e158e2d7a0a91110b206653f0e02376e809150 upstream.
info is in network byte order, change it back to host byte order
before use. In particular, the current code sets the MTU of the tunnel
to a wrong (too big) value.
Fixes: c12b395a4664 ("gre: Support GRE over IPv6")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ip6_gre.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -421,7 +421,7 @@ static void ip6gre_err(struct sk_buff *s
if (code == ICMPV6_HDR_FIELD)
teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data);
- if (teli && teli == info - 2) {
+ if (teli && teli == be32_to_cpu(info) - 2) {
tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli];
if (tel->encap_limit == 0) {
net_warn_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n",
@@ -433,7 +433,7 @@ static void ip6gre_err(struct sk_buff *s
}
break;
case ICMPV6_PKT_TOOBIG:
- mtu = info - offset;
+ mtu = be32_to_cpu(info) - offset;
if (mtu < IPV6_MIN_MTU)
mtu = IPV6_MIN_MTU;
t->dev->mtu = mtu;
next prev parent reply other threads:[~2017-09-24 20:29 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-24 20:27 [PATCH 3.18 00/42] 3.18.72-stable review Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 01/42] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 02/42] qlge: avoid memcpy buffer overflow Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 03/42] Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()" Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 04/42] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 05/42] ipv6: fix memory leak with multiple tables during netns destruction Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 06/42] ipv6: fix typo in fib6_net_exit() Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 07/42] f2fs: check hot_data for roll-forward recovery Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 08/42] [PATCH] Revert "usb: musb: fix tx fifo flush handling again" Greg Kroah-Hartman
2017-09-24 20:27 ` Greg Kroah-Hartman [this message]
2017-09-24 20:27 ` [PATCH 3.18 10/42] Input: i8042 - add Gigabyte P57 to the keyboard reset table Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 11/42] [PATCH - RESEND] crypto: AF_ALG - remove SGL terminator indicator when chaining Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 12/42] ext4: fix incorrect quotaoff if the quota feature is enabled Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 13/42] powerpc: Fix DAR reporting when alignment handler faults Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 14/42] block: Relax a check in blk_start_queue() Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 15/42] md/bitmap: disable bitmap_resize for file-backed bitmaps Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 16/42] skd: Avoid that module unloading triggers a use-after-free Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 17/42] skd: Submit requests to firmware before triggering the doorbell Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 18/42] scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 19/42] scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 20/42] scsi: zfcp: fix missing trace records for early returns in TMF eh handlers Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 21/42] scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 22/42] scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 23/42] scsi: zfcp: trace high part of "new" 64 bit SCSI LUN Greg Kroah-Hartman
2017-09-24 20:27 ` [PATCH 3.18 24/42] scsi: sg: remove save_scat_len Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 25/42] scsi: sg: use standard lists for sg_requests Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 26/42] scsi: sg: off by one in sg_ioctl() Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 27/42] scsi: sg: factor out sg_fill_request_table() Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 28/42] scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 29/42] scsi: qla2xxx: Fix an integer overflow in sysfs code Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 30/42] ftrace: Fix selftest goto location on error Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 31/42] tracing: Apply trace_clock changes to instance max buffer Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 32/42] ARC: Re-enable MMU upon Machine Check exception Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 33/42] PCI: shpchp: Enable bridge bus mastering if MSI is enabled Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 34/42] media: v4l2-compat-ioctl32: Fix timespec conversion Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 35/42] media: uvcvideo: Prevent heap overflow when accessing mapped controls Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 36/42] bcache: initialize dirty stripes in flash_dev_run() Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 37/42] bcache: Fix leak of bdev reference Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 38/42] bcache: correct cache_dirty_target in __update_writeback_rate() Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 39/42] bcache: Correct return value for sysfs attach errors Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 40/42] bcache: fix for gc and write-back race Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 41/42] bcache: fix bch_hprint crash and improve output Greg Kroah-Hartman
2017-09-24 20:28 ` [PATCH 3.18 42/42] mac80211: flush hw_roc_start work before cancelling the ROC Greg Kroah-Hartman
2017-09-25 1:02 ` [PATCH 3.18 00/42] 3.18.72-stable review Guenter Roeck
2017-09-25 6:29 ` Greg Kroah-Hartman
2017-09-25 11:05 ` Guenter Roeck
2017-09-25 12:23 ` Greg Kroah-Hartman
2017-09-25 23:11 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170924202650.353993792@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.