ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup()

The encap->type comes straight from Netlink. Validate it against max supported encap types just like ip_encap_hlen() already does. Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)") Signed-off-by: N Thomas Graf <tgraf@suug.ch> Signed-off-by: N David S. Miller <davem@davemloft.net>

ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup()
The encap->type comes straight from Netlink. Validate it against max supported encap types just like ip_encap_hlen() already does. Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)") Signed-off-by: N Thomas Graf <tgraf@suug.ch> Signed-off-by: N David S. Miller <davem@davemloft.net>
f1fb521f · Thomas Graf · David S. Miller · bb1553c8 · f1fb521f
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

net/ipv4/ip_tunnel.c net/ipv4/ip_tunnel.c +3 -0

未找到文件。
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -573,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
 	if (t->encap.type == TUNNEL_ENCAP_NONE)
 		return 0;

+	if (t->encap.type >= MAX_IPTUN_ENCAP_OPS)
+		return -EINVAL;
+
 	rcu_read_lock();
 	ops = rcu_dereference(iptun_encaps[t->encap.type]);
 	if (likely(ops && ops->build_header))