Merge branch 'macsec-fix-some-bugs-in-the-receive-path'

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Andreas Steinmetz says:

====================
macsec: fix some bugs in the receive path

This series fixes some bugs in the receive path of macsec. The first
is a use after free when processing macsec frames with a SecTAG that
has the TCI E bit set but the C bit clear. In the 2nd bug, the driver
leaves an invalid checksumming state after decrypting the packet.

This is a combined effort of Sabrina Dubroca <sd@queasysnail.net> and me.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

David S. Miller 6 years ago bc389fd1 e835ada0

+3 -3

1 changed file

expand all

drivers

net

macsec.c

+3 -3

drivers/net/macsec.c

··· 865 865 866 866 static void macsec_finalize_skb(struct sk_buff *skb, u8 icv_len, u8 hdr_len) 867 867 { 868 + skb->ip_summed = CHECKSUM_NONE; 868 869 memmove(skb->data + hdr_len, skb->data, 2 * ETH_ALEN); 869 870 skb_pull(skb, hdr_len); 870 871 pskb_trim_unique(skb, skb->len - icv_len); ··· 1100 1099 } 1101 1100 1102 1101 skb = skb_unshare(skb, GFP_ATOMIC); 1103 - if (!skb) { 1104 - *pskb = NULL; 1102 + *pskb = skb; 1103 + if (!skb) 1105 1104 return RX_HANDLER_CONSUMED; 1106 - } 1107 1105 1108 1106 pulled_sci = pskb_may_pull(skb, macsec_extra_len(true)); 1109 1107 if (!pulled_sci) {