提交 ba66bbe5 编写于 作者: D Daniel Borkmann 提交者: David S. Miller

udp: use sk_filter_trim_cap for udp{,6}_queue_rcv_skb

After a6127697 ("udp: prevent bugcheck if filter truncates packet
too much"), there followed various other fixes for similar cases such
as f4979fce ("rose: limit sk_filter trim to payload").

Latter introduced a new helper sk_filter_trim_cap(), where we can pass
the trim limit directly to the socket filter handling. Make use of it
here as well with sizeof(struct udphdr) as lower cap limit and drop the
extra skb->len test in UDP's input path.
Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: NWillem de Bruijn <willemb@google.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 deb1f45a
...@@ -1581,9 +1581,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) ...@@ -1581,9 +1581,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
udp_lib_checksum_complete(skb)) udp_lib_checksum_complete(skb))
goto csum_error; goto csum_error;
if (sk_filter(sk, skb)) if (sk_filter_trim_cap(sk, skb, sizeof(struct udphdr)))
goto drop;
if (unlikely(skb->len < sizeof(struct udphdr)))
goto drop; goto drop;
udp_csum_pull_header(skb); udp_csum_pull_header(skb);
......
...@@ -618,9 +618,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) ...@@ -618,9 +618,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
udp_lib_checksum_complete(skb)) udp_lib_checksum_complete(skb))
goto csum_error; goto csum_error;
if (sk_filter(sk, skb)) if (sk_filter_trim_cap(sk, skb, sizeof(struct udphdr)))
goto drop;
if (unlikely(skb->len < sizeof(struct udphdr)))
goto drop; goto drop;
udp_csum_pull_header(skb); udp_csum_pull_header(skb);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册