From f1fb521f7d94c35e278d76a9198f078223f26799 Mon Sep 17 00:00:00 2001 From: Thomas Graf Date: Tue, 16 Dec 2014 21:05:21 +0100 Subject: [PATCH] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() The encap->type comes straight from Netlink. Validate it against max supported encap types just like ip_encap_hlen() already does. Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)") Signed-off-by: Thomas Graf Signed-off-by: David S. Miller --- net/ipv4/ip_tunnel.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index 2f498f87e3d8..d3e447936720 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -573,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t, if (t->encap.type == TUNNEL_ENCAP_NONE) return 0; + if (t->encap.type >= MAX_IPTUN_ENCAP_OPS) + return -EINVAL; + rcu_read_lock(); ops = rcu_dereference(iptun_encaps[t->encap.type]); if (likely(ops && ops->build_header)) -- 2.20.1