From: Thomas Graf Date: Tue, 16 Dec 2014 20:05:21 +0000 (+0100) Subject: ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() X-Git-Tag: firefly_0821_release~176^2~2631^2~15 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=f1fb521f7d94c35e278d76a9198f078223f26799;p=firefly-linux-kernel-4.4.55.git ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() The encap->type comes straight from Netlink. Validate it against max supported encap types just like ip_encap_hlen() already does. Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)") Signed-off-by: Thomas Graf Signed-off-by: David S. Miller --- diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index 2f498f87e3d8..d3e447936720 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -573,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t, if (t->encap.type == TUNNEL_ENCAP_NONE) return 0; + if (t->encap.type >= MAX_IPTUN_ENCAP_OPS) + return -EINVAL; + rcu_read_lock(); ops = rcu_dereference(iptun_encaps[t->encap.type]); if (likely(ops && ops->build_header))