From bbcf467dab42ea3c85f368df346c82af2fbba665 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 3 Jul 2006 19:38:35 -0700 Subject: [NET]: Verify gso_type too in gso_segment We don't want nasty Xen guests to pass a TCPv6 packet in with gso_type set to TCPv4 or even UDP (or a packet that's both TCP and UDP). Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- net/ipv6/ipv6_sockglue.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'net/ipv6') diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index c28e5c28744..ec59344478d 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -64,6 +64,14 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, int features) struct inet6_protocol *ops; int proto; + if (unlikely(skb_shinfo(skb)->gso_type & + ~(SKB_GSO_UDP | + SKB_GSO_DODGY | + SKB_GSO_TCP_ECN | + SKB_GSO_TCPV6 | + 0))) + goto out; + if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h)))) goto out; -- cgit v1.2.3-70-g09d2