Re: [PATCH] bridge: mcast snooping, fix length check of snooped MLDv1/2
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
From: Linus Lüssing <linus.luessing@xxxxxx>
Date: Sun, 27 Mar 2011 08:27:24 +0200

> "len = ntohs(ip6h->payload_len)" does not include the length of the ipv6
> header itself, which the rest of this function assumes, though.
> 
> This leads to a length check less restrictive as it should be in the
> following line for one thing. For another, it very likely leads to an
> integer underrun when substracting the offset and therefore to a very
> high new value of 'len' due to its unsignedness. This will ultimately
> lead to the pskb_trim_rcsum() practically never being called, even in
> the cases where it should.
> 
> Signed-off-by: Linus Lüssing <linus.luessing@xxxxxx>

Applied.
_______________________________________________
Bridge mailing list
Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/bridge

[Netdev]     [AoE Tools]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Photo]     [Yosemite]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]     [Video 4 Linux]     [Linux Resources]

Add to Google Powered by Linux