diff options
| author | Willem de Bruijn <willemb@google.com> | 2016-07-16 17:33:15 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-07-18 22:46:52 -0700 |
| commit | c74bfbdba0e8d056e4ba579a666b5cdb8ec3cd35 (patch) | |
| tree | 7127cebf1625cba37e370ffc6b3f6856a1f85db6 | |
| parent | 0564bf0afae443deeb16f36e2c39fefff89d05f2 (diff) | |
| download | linux-c74bfbdba0e8d056e4ba579a666b5cdb8ec3cd35.tar.gz linux-c74bfbdba0e8d056e4ba579a666b5cdb8ec3cd35.tar.bz2 linux-c74bfbdba0e8d056e4ba579a666b5cdb8ec3cd35.zip | |
sctp: load transport header after sk_filter
Do not cache pointers into the skb linear segment across sk_filter.
The function call can trigger pskb_expand_head.
Signed-off-by: Willem de Bruijn <willemb@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/sctp/input.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/net/sctp/input.c b/net/sctp/input.c index a701527a9480..47cf4604d19c 100644 --- a/net/sctp/input.c +++ b/net/sctp/input.c @@ -112,7 +112,6 @@ int sctp_rcv(struct sk_buff *skb) struct sctp_ep_common *rcvr; struct sctp_transport *transport = NULL; struct sctp_chunk *chunk; - struct sctphdr *sh; union sctp_addr src; union sctp_addr dest; int family; @@ -127,8 +126,6 @@ int sctp_rcv(struct sk_buff *skb) if (skb_linearize(skb)) goto discard_it; - sh = sctp_hdr(skb); - /* Pull up the IP and SCTP headers. */ __skb_pull(skb, skb_transport_offset(skb)); if (skb->len < sizeof(struct sctphdr)) @@ -230,7 +227,7 @@ int sctp_rcv(struct sk_buff *skb) chunk->rcvr = rcvr; /* Remember the SCTP header. */ - chunk->sctp_hdr = sh; + chunk->sctp_hdr = sctp_hdr(skb); /* Set the source and destination addresses of the incoming chunk. */ sctp_init_addrs(chunk, &src, &dest); |