From 4a1c948bc688e5ab5e51d12d2f6dd6746e3ac2d9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 4 May 2024 12:15:43 +0200 Subject: Merging upstream version 6.1.85. Signed-off-by: Daniel Baumann --- net/ipv4/ip_gre.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'net/ipv4/ip_gre.c') diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index d67d026d7..0267fa053 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -280,8 +280,13 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi, tpi->flags | TUNNEL_NO_KEY, iph->saddr, iph->daddr, 0); } else { + if (unlikely(!pskb_may_pull(skb, + gre_hdr_len + sizeof(*ershdr)))) + return PACKET_REJECT; + ershdr = (struct erspan_base_hdr *)(skb->data + gre_hdr_len); ver = ershdr->ver; + iph = ip_hdr(skb); tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags | TUNNEL_KEY, iph->saddr, iph->daddr, tpi->key); -- cgit v1.2.3