Skip to content
Snippets Groups Projects
Commit cedc36d8 authored by Eric Dumazet's avatar Eric Dumazet Committed by Stuart Scott
Browse files

UPSTREAM: packet: handle too big packets for PACKET_V3


af_packet can currently overwrite kernel memory by out of bound
accesses, because it assumed a [new] block can always hold one frame.

This is not generally the case, even if most existing tools do it right.

This patch clamps too long frames as API permits, and issue a one time
error on syslog.

[  394.357639] tpacket_rcv: packet too big, clamped from 5042 to 3966. macoff=82

In this example, packet header tp_snaplen was set to 3966,
and tp_len was set to 5042 (skb->len)

Upstream commit: dc808110
Bug: 36725304
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Fixes: f6fb8f10 ("af-packet: TPACKET_V3 flexible buffer implementation.")
Acked-by: default avatarDaniel Borkmann <dborkman@redhat.com>
Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>

Change-Id: Ia324821540dfc1cd8a4fbdd6af2b37325354c69b
parent 94cc829d
No related branches found
No related tags found
No related merge requests found
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment