ip_gre: fix a possible crash in ipgre_err()

Another fix needed in ipgre_err(), as parse_gre_header() might change
skb->head.

Bug added in commit c54419321455 (GRE: Refactor GRE tunneling code.)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index c625e4dad4b05066d92fe02d1778b555234d0f2a..2a83591492dd6f3e8b7470c3e9b897dad7625a49 100644 (file)
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -235,7 +235,7 @@ static void ipgre_err(struct sk_buff *skb, u32 info)
           */
        struct net *net = dev_net(skb->dev);
        struct ip_tunnel_net *itn;
-       const struct iphdr *iph = (const struct iphdr *)skb->data;
+       const struct iphdr *iph;
        const int type = icmp_hdr(skb)->type;
        const int code = icmp_hdr(skb)->code;
        struct ip_tunnel *t;
@@ -281,6 +281,7 @@ static void ipgre_err(struct sk_buff *skb, u32 info)
        else
                itn = net_generic(net, ipgre_net_id);
 
+       iph = (const struct iphdr *)skb->data;
        t = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi.flags,
                             iph->daddr, iph->saddr, tpi.key);