igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU - kernel

diff options

author	Eric Dumazet <[email protected]>	2023-09-05 04:23:38 +0000
committer	David S. Miller <[email protected]>	2023-09-05 16:49:40 +0000
commit	c3b704d4a4a265660e665df51b129e8425216ed1 (patch)
tree	cf8d488ca7e6e0133504e5137a218d87436d5c22 /tools/perf/scripts/python/event_analyzing_sample.py
parent	Revert "net: macsec: preserve ingress frame ordering" (diff)
download	kernel-c3b704d4a4a265660e665df51b129e8425216ed1.tar.gz kernel-c3b704d4a4a265660e665df51b129e8425216ed1.zip

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

This is a follow up of commit 915d975b2ffa ("net: deal with integer overflows in kmalloc_reserve()") based on David Laight feedback. Back in 2010, I failed to realize malicious users could set dev->mtu to arbitrary values. This mtu has been since limited to 0x7fffffff but regardless of how big dev->mtu is, it makes no sense for igmpv3_newpack() to allocate more than IP_MAX_MTU and risk various skb fields overflows. Fixes: 57e1ab6eaddc ("igmp: refine skb allocations") Link: https://lore.kernel.org/netdev/[email protected]/ Signed-off-by: Eric Dumazet <[email protected]> Reported-by: David Laight <[email protected]> Cc: Kyle Zeng <[email protected]> Reviewed-by: Simon Horman <[email protected]> Signed-off-by: David S. Miller <[email protected]>

Diffstat (limited to 'tools/perf/scripts/python/event_analyzing_sample.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: