summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArnaldo Carvalho de Melo <acme@kernel.org>2016-11-28 12:36:58 -0300
committerDavid S. Miller <davem@davemloft.net>2016-11-29 20:45:54 -0500
commita510887824171ad260cc4a2603396c6247fdd091 (patch)
tree0ced3affea36b2952e9fbced2373080e2a314668
parent725cbb62e7ade1bb29aa21a902d74e72b42a0f3d (diff)
downloadlinux-a510887824171ad260cc4a2603396c6247fdd091.tar.gz
linux-a510887824171ad260cc4a2603396c6247fdd091.tar.bz2
linux-a510887824171ad260cc4a2603396c6247fdd091.zip
GSO: Reload iph after pskb_may_pull
As it may get stale and lead to use after free. Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Alexander Duyck <aduyck@mirantis.com> Cc: Andrey Konovalov <andreyknvl@google.com> Fixes: cbc53e08a793 ("GSO: Add GSO type for fixed IPv4 ID") Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Acked-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/af_inet.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 5ddf5cda07f4..215143246e4b 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1233,7 +1233,7 @@ struct sk_buff *inet_gso_segment(struct sk_buff *skb,
fixedid = !!(skb_shinfo(skb)->gso_type & SKB_GSO_TCP_FIXEDID);
/* fixed ID is invalid if DF bit is not set */
- if (fixedid && !(iph->frag_off & htons(IP_DF)))
+ if (fixedid && !(ip_hdr(skb)->frag_off & htons(IP_DF)))
goto out;
}