• net/ipv4: defensive cipso option parsing · 076ed3da
    Stefan Nuernberger authored
    commit 40413955 ("Cipso: cipso_v4_optptr enter infinite loop") fixed
    a possible infinite loop in the IP option parsing of CIPSO. The fix
    assumes that ip_options_compile filtered out all zero length options and
    that no other one-byte options beside IPOPT_END and IPOPT_NOOP exist.
    While this assumption currently holds true, add explicit checks for zero
    length and invalid length options to be safe for the future. Even though
    ip_options_compile should have validated the options, the introduction of
    new one-byte options can still confuse this code without the additional
    checks.
    Signed-off-by: Stefan Nuernberger <snu@amazon.com>
    Cc: David Woodhouse <dwmw@amazon.co.uk>
    Cc: Simon Veith <sveith@amazon.de>
    Cc: stable@vger.kernel.org
    Acked-by: Paul Moore <paul@paul-moore.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
cipso_ipv4.c 61.3 KB
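
The zero-length and invalid-length checks the commit message describes, shown as a stand-alone userspace C function. This is an added example and not the kernel's cipso_ipv4.c code; `find_cipso_option` and the sample byte arrays are hypothetical names and constructed data, and rejecting a length of 1 on a type/length option is an extra assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* IPv4 option type values (END = 0, NOOP = 1, CIPSO = 134). */
#define IPOPT_END   0
#define IPOPT_NOOP  1
#define IPOPT_CIPSO 134

/* Constructed sample option areas (not captured traffic). */
const uint8_t sample_ok[]      = {1, 1, 134, 6, 0, 0, 0, 1}; /* NOOP NOOP CIPSO */
const uint8_t sample_zerolen[] = {7, 0, 134, 6, 0, 0, 0, 1}; /* option with len 0 */
const uint8_t sample_toolong[] = {134, 40, 0, 0};            /* len past buffer */

/*
 * Hypothetical helper: return the offset of the first CIPSO option in
 * opts[0..optlen), or -1 if there is none or the option area is malformed.
 * It does not rely on an earlier pass having validated the options.
 */
int find_cipso_option(const uint8_t *opts, size_t optlen)
{
    size_t off = 0;

    /* A type/length option needs at least two bytes to be readable. */
    while (optlen - off > 1) {
        size_t len;

        switch (opts[off]) {
        case IPOPT_END:
            return -1;            /* end of option list */
        case IPOPT_NOOP:
            len = 1;              /* one-byte padding option */
            break;
        default:
            len = opts[off + 1];  /* length counts the type and length bytes */
            if (len < 2)
                return -1;        /* 0 would loop forever, 1 would misparse */
        }
        if (len > optlen - off)
            return -1;            /* option claims more bytes than remain */
        if (opts[off] == IPOPT_CIPSO)
            return (int)off;
        off += len;               /* len >= 1 here, so the loop always advances */
    }
    return -1;
}
```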