summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2019-07-02 14:12:30 -0700
committerDavid S. Miller <davem@davemloft.net>2019-07-02 14:12:30 -0700
commitbc389fd101e57b36aacfaec2df8fe479eabb44ea (patch)
tree8d917bb99e59f5ada7be19a7e8cd477df0c9809e
parente835ada07091f40dcfb1bc735082bd0a7c005e59 (diff)
parent7d8b16b9facb0dd81d1469808dd9a575fa1d525a (diff)
Merge branch 'macsec-fix-some-bugs-in-the-receive-path'
Andreas Steinmetz says: ==================== macsec: fix some bugs in the receive path This series fixes some bugs in the receive path of macsec. The first is a use after free when processing macsec frames with a SecTAG that has the TCI E bit set but the C bit clear. In the 2nd bug, the driver leaves an invalid checksumming state after decrypting the packet. This is a combined effort of Sabrina Dubroca <sd@queasysnail.net> and me. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--drivers/net/macsec.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 75aebf65cd09..8f46aa1ddec0 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -865,6 +865,7 @@ static void macsec_reset_skb(struct sk_buff *skb, struct net_device *dev)
static void macsec_finalize_skb(struct sk_buff *skb, u8 icv_len, u8 hdr_len)
{
+ skb->ip_summed = CHECKSUM_NONE;
memmove(skb->data + hdr_len, skb->data, 2 * ETH_ALEN);
skb_pull(skb, hdr_len);
pskb_trim_unique(skb, skb->len - icv_len);
@@ -1099,10 +1100,9 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
}
skb = skb_unshare(skb, GFP_ATOMIC);
- if (!skb) {
- *pskb = NULL;
+ *pskb = skb;
+ if (!skb)
return RX_HANDLER_CONSUMED;
- }
pulled_sci = pskb_may_pull(skb, macsec_extra_len(true));
if (!pulled_sci) {