diff options
author | David S. Miller <davem@davemloft.net> | 2019-07-02 14:12:30 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2019-07-02 14:12:30 -0700 |
commit | bc389fd101e57b36aacfaec2df8fe479eabb44ea (patch) | |
tree | 8d917bb99e59f5ada7be19a7e8cd477df0c9809e | |
parent | e835ada07091f40dcfb1bc735082bd0a7c005e59 (diff) | |
parent | 7d8b16b9facb0dd81d1469808dd9a575fa1d525a (diff) |
Merge branch 'macsec-fix-some-bugs-in-the-receive-path'
Andreas Steinmetz says:
====================
macsec: fix some bugs in the receive path
This series fixes some bugs in the receive path of macsec. The first
is a use after free when processing macsec frames with a SecTAG that
has the TCI E bit set but the C bit clear. In the 2nd bug, the driver
leaves an invalid checksumming state after decrypting the packet.
This is a combined effort of Sabrina Dubroca <sd@queasysnail.net> and me.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/net/macsec.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 75aebf65cd09..8f46aa1ddec0 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -865,6 +865,7 @@ static void macsec_reset_skb(struct sk_buff *skb, struct net_device *dev) static void macsec_finalize_skb(struct sk_buff *skb, u8 icv_len, u8 hdr_len) { + skb->ip_summed = CHECKSUM_NONE; memmove(skb->data + hdr_len, skb->data, 2 * ETH_ALEN); skb_pull(skb, hdr_len); pskb_trim_unique(skb, skb->len - icv_len); @@ -1099,10 +1100,9 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb) } skb = skb_unshare(skb, GFP_ATOMIC); - if (!skb) { - *pskb = NULL; + *pskb = skb; + if (!skb) return RX_HANDLER_CONSUMED; - } pulled_sci = pskb_may_pull(skb, macsec_extra_len(true)); if (!pulled_sci) { |