UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

tcp: no md5sig option size check bug 

tcp_parse_md5sig_option doesn't check md5sig option (TCPOPT_MD5SIG)
length, but tcp_v[46]_inbound_md5_hash assume that it's at least 16
bytes long.

Signed-off-by: Dmitry Popov <dp@highloadlab.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Dmitry Popov 2010-08-07 20:24:28 -07:00 committed by David S. Miller
parent e225567960
commit ba78e2ddca
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/ipv4/tcp_input.c
View File

@ -3930,7 +3930,7 @@ u8 *tcp_parse_md5sig_option(struct tcphdr *th)
if (opsize < 2 || opsize > length) if (opsize < 2 || opsize > length)
return NULL; return NULL;
if (opcode == TCPOPT_MD5SIG) if (opcode == TCPOPT_MD5SIG)
return ptr; return opsize == TCPOLEN_MD5SIG ? ptr : NULL;
} }
ptr += opsize - 2; ptr += opsize - 2;
length -= opsize; length -= opsize;