ip_gre: fix a possible crash in ipgre_err()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Another fix needed in ipgre_err(), as parse_gre_header() might change
skb->head.

Bug added in commit c54419321455 (GRE: Refactor GRE tunneling code.)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Eric Dumazet and committed by

David S. Miller 13 years ago 96f5a846 b423e9ae

+2 -1

1 changed file

expand all

net

ipv4

ip_gre.c

+2 -1

net/ipv4/ip_gre.c

··· 235 235 */ 236 236 struct net *net = dev_net(skb->dev); 237 237 struct ip_tunnel_net *itn; 238 - const struct iphdr *iph = (const struct iphdr *)skb->data; 238 + const struct iphdr *iph; 239 239 const int type = icmp_hdr(skb)->type; 240 240 const int code = icmp_hdr(skb)->code; 241 241 struct ip_tunnel *t; ··· 281 281 else 282 282 itn = net_generic(net, ipgre_net_id); 283 283 284 + iph = (const struct iphdr *)skb->data; 284 285 t = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi.flags, 285 286 iph->daddr, iph->saddr, tpi.key); 286 287