diff options
author | Jakub Kicinski <kuba@kernel.org> | 2022-04-07 23:24:23 -0700 |
---|---|---|
committer | Jakub Kicinski <kuba@kernel.org> | 2022-04-07 23:24:23 -0700 |
commit | dc2e0617f1fd0c5a6f601502b4379113a84ffecf (patch) | |
tree | d6959aa21296841b6ec543291cd66ed66a6e5c33 /net/core/filter.c | |
parent | 27a5a5685d373cd8c18b1d83f42a83e5a2f93e6c (diff) | |
parent | 73b193f265096080eac866b9a852627b475384fc (diff) | |
download | linux-dc2e0617f1fd0c5a6f601502b4379113a84ffecf.tar.gz linux-dc2e0617f1fd0c5a6f601502b4379113a84ffecf.tar.bz2 linux-dc2e0617f1fd0c5a6f601502b4379113a84ffecf.zip |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
No conflicts.
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/core/filter.c')
-rw-r--r-- | net/core/filter.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index 29986eda285d..143f442a9505 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -7016,24 +7016,33 @@ BPF_CALL_5(bpf_tcp_check_syncookie, struct sock *, sk, void *, iph, u32, iph_len if (!th->ack || th->rst || th->syn) return -ENOENT; + if (unlikely(iph_len < sizeof(struct iphdr))) + return -EINVAL; + if (tcp_synq_no_recent_overflow(sk)) return -ENOENT; cookie = ntohl(th->ack_seq) - 1; - switch (sk->sk_family) { - case AF_INET: - if (unlikely(iph_len < sizeof(struct iphdr))) + /* Both struct iphdr and struct ipv6hdr have the version field at the + * same offset so we can cast to the shorter header (struct iphdr). + */ + switch (((struct iphdr *)iph)->version) { + case 4: + if (sk->sk_family == AF_INET6 && ipv6_only_sock(sk)) return -EINVAL; ret = __cookie_v4_check((struct iphdr *)iph, th, cookie); break; #if IS_BUILTIN(CONFIG_IPV6) - case AF_INET6: + case 6: if (unlikely(iph_len < sizeof(struct ipv6hdr))) return -EINVAL; + if (sk->sk_family != AF_INET6) + return -EINVAL; + ret = __cookie_v6_check((struct ipv6hdr *)iph, th, cookie); break; #endif /* CONFIG_IPV6 */ |