netfilter: flowtable: validate pppoe header

[ Upstream commit 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf ] Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field. Reported-by: syzbot+b6f07e1c07ef40199081@syzkaller.appspotmail.com Fixes: 72efd585f714 ("netfilter: flowtable: add pppoe support") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2024-04-09 14:47:33 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-04-27 18:12:50 +0300
commit: cf366ee3bc1b7d1c76a882640ba3b3f8f1039163 (patch)
tree: c6c25a3fa3cfba85431c2e720935c014ca86e9dd /net/netfilter/nf_flow_table_inet.c
parent: 14b001ba221136c15f894577253e8db535b99487 (diff)
download: linux-cf366ee3bc1b7d1c76a882640ba3b3f8f1039163.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c
index 9505f9d188ff..6eef15648b7b 100644
--- a/net/netfilter/nf_flow_table_inet.c
+++ b/net/netfilter/nf_flow_table_inet.c
@@ -21,7 +21,8 @@ nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb,
 		proto = veth->h_vlan_encapsulated_proto;
 		break;
 	case htons(ETH_P_PPP_SES):
-		proto = nf_flow_pppoe_proto(skb);
+		if (!nf_flow_pppoe_proto(skb, &proto))
+			return NF_ACCEPT;
 		break;
 	default:
 		proto = skb->protocol;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2024-04-09 14:47:33 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-04-27 18:12:50 +0300
commit	cf366ee3bc1b7d1c76a882640ba3b3f8f1039163 (patch)
tree	c6c25a3fa3cfba85431c2e720935c014ca86e9dd /net/netfilter/nf_flow_table_inet.c
parent	14b001ba221136c15f894577253e8db535b99487 (diff)
download	linux-cf366ee3bc1b7d1c76a882640ba3b3f8f1039163.tar.xz