bridge: simplify ip_mc_check_igmp() and ipv6_mc_check_mld() internals
With this patch the internal use of the skb_trimmed is reduced to the ICMPv6/IGMP checksum verification. And for the length checks the newly introduced helper functions are used instead of calculating and checking with skb->len directly. These changes should hopefully make it easier to verify that length checks are performed properly. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Linus Lüssing
کامیت شده توسط
David S. Miller
David S. Miller
والد
ba5ea61462
کامیت
a2e2ca3beb
@@ -1493,22 +1493,22 @@ static int ip_mc_check_igmp_reportv3(struct sk_buff *skb)
|
||||
|
||||
len += sizeof(struct igmpv3_report);
|
||||
|
||||
return pskb_may_pull(skb, len) ? 0 : -EINVAL;
|
||||
return ip_mc_may_pull(skb, len) ? 0 : -EINVAL;
|
||||
}
|
||||
|
||||
static int ip_mc_check_igmp_query(struct sk_buff *skb)
|
||||
{
|
||||
unsigned int len = skb_transport_offset(skb);
|
||||
|
||||
len += sizeof(struct igmphdr);
|
||||
if (skb->len < len)
|
||||
return -EINVAL;
|
||||
unsigned int transport_len = ip_transport_len(skb);
|
||||
unsigned int len;
|
||||
|
||||
/* IGMPv{1,2}? */
|
||||
if (skb->len != len) {
|
||||
if (transport_len != sizeof(struct igmphdr)) {
|
||||
/* or IGMPv3? */
|
||||
len += sizeof(struct igmpv3_query) - sizeof(struct igmphdr);
|
||||
if (skb->len < len || !pskb_may_pull(skb, len))
|
||||
if (transport_len < sizeof(struct igmpv3_query))
|
||||
return -EINVAL;
|
||||
|
||||
len = skb_transport_offset(skb) + sizeof(struct igmpv3_query);
|
||||
if (!ip_mc_may_pull(skb, len))
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
@@ -1544,35 +1544,24 @@ static inline __sum16 ip_mc_validate_checksum(struct sk_buff *skb)
|
||||
return skb_checksum_simple_validate(skb);
|
||||
}
|
||||
|
||||
static int __ip_mc_check_igmp(struct sk_buff *skb)
|
||||
|
||||
static int ip_mc_check_igmp_csum(struct sk_buff *skb)
|
||||
{
|
||||
struct sk_buff *skb_chk;
|
||||
unsigned int transport_len;
|
||||
unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr);
|
||||
int ret = -EINVAL;
|
||||
unsigned int transport_len = ip_transport_len(skb);
|
||||
struct sk_buff *skb_chk;
|
||||
|
||||
transport_len = ntohs(ip_hdr(skb)->tot_len) - ip_hdrlen(skb);
|
||||
if (!ip_mc_may_pull(skb, len))
|
||||
return -EINVAL;
|
||||
|
||||
skb_chk = skb_checksum_trimmed(skb, transport_len,
|
||||
ip_mc_validate_checksum);
|
||||
if (!skb_chk)
|
||||
goto err;
|
||||
return -EINVAL;
|
||||
|
||||
if (!pskb_may_pull(skb_chk, len))
|
||||
goto err;
|
||||
|
||||
ret = ip_mc_check_igmp_msg(skb_chk);
|
||||
if (ret)
|
||||
goto err;
|
||||
|
||||
ret = 0;
|
||||
|
||||
err:
|
||||
if (skb_chk && skb_chk != skb)
|
||||
if (skb_chk != skb)
|
||||
kfree_skb(skb_chk);
|
||||
|
||||
return ret;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1600,7 +1589,11 @@ int ip_mc_check_igmp(struct sk_buff *skb)
|
||||
if (ip_hdr(skb)->protocol != IPPROTO_IGMP)
|
||||
return -ENOMSG;
|
||||
|
||||
return __ip_mc_check_igmp(skb);
|
||||
ret = ip_mc_check_igmp_csum(skb);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
return ip_mc_check_igmp_msg(skb);
|
||||
}
|
||||
EXPORT_SYMBOL(ip_mc_check_igmp);
|
||||
|
||||
|
||||
مرجع در شماره جدید
Block a user