Commit db8bac79 authored by Eric Dumazet, committed by Ed Tam

net-fixes: flow_dissector: prevent an infinite loop (CVE-2013-4348)


Jason Wang found that a malicious packet could make skb_flow_dissect()
loop forever. We must check that IP header has a valid ihl to avoid
this loop. It involves IPIP encapsulation and ihl = 0 to trigger.

Given this bug is critical, I cooked a patch before having
a fix in upstream kernel.

Tested:

 Compiled/booted
 Ran some tests on bnx2x and explicitly disabled hardware provided rxhash
 ethtool -K eth1 rxhash off
 ethtool -K eth2 rxhash off

Google-Bug-Id: 11465355
Effort: net-fixes
Change-Id: I813e4dc48cecb05f8edfa218304e1f13fd764323
Signed-off-by: Ed Tam <etam@google.com>
parent 6b52b61f
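
A minimal sketch of the check the commit message describes, added here as an example; it is not the code of this commit or of the kernel. `dissect_ipv4`, `put_hdr` and the sample packets are constructed for illustration: the walker follows nested IPv4 headers and rejects any header with ihl below 5, so every IPIP step advances the offset.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROTO_IPIP 4 /* IPv4-in-IPv4 encapsulation */
#define PROTO_TCP  6

/* Simplified stand-in for a flow dissector (hypothetical, not kernel code).
 * Walks nested IPv4 headers and stores the innermost protocol in *proto.
 * Returns false when a header is truncated or malformed. */
bool dissect_ipv4(const uint8_t *buf, size_t len, uint8_t *proto)
{
    size_t off = 0;

    for (;;) {
        if (len - off < 20)             /* a minimal IPv4 header must fit */
            return false;
        uint8_t ihl = buf[off] & 0x0f;  /* header length in 32-bit words */
        if ((buf[off] >> 4) != 4 || ihl < 5)
            return false;               /* ihl == 0 would never advance off */
        size_t hlen = (size_t)ihl * 4;
        if (hlen > len - off)
            return false;               /* options run past the buffer */
        uint8_t p = buf[off + 9];       /* protocol field */
        off += hlen;                    /* advances by at least 20 bytes */
        if (p != PROTO_IPIP) {
            *proto = p;
            return true;
        }
        /* IPIP: another IPv4 header follows, dissect it next */
    }
}

/* Constructed sample: a bare 20-byte IPv4 header with the given ihl/protocol. */
static void put_hdr(uint8_t *p, uint8_t ihl, uint8_t proto)
{
    memset(p, 0, 20);
    p[0] = (uint8_t)(0x40 | (ihl & 0x0f));
    p[9] = proto;
}

int main(void)
{
    uint8_t pkt[40], proto = 0;
    put_hdr(pkt, 5, PROTO_IPIP);        /* outer header announces IPIP */
    put_hdr(pkt + 20, 5, PROTO_TCP);    /* well-formed inner header */
    printf("valid IPIP accepted: %d\n", dissect_ipv4(pkt, sizeof pkt, &proto));
    put_hdr(pkt, 0, PROTO_IPIP);        /* the malformed case from the commit message */
    printf("ihl=0 accepted:      %d\n", dissect_ipv4(pkt, sizeof pkt, &proto));
    return 0;
}
```

Because each accepted header moves the offset forward by at least 20 bytes, the loop is bounded by the buffer length regardless of how the headers are nested.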