linux-stable/net/batman-adv
Sven Eckelmann d7d8bbb40a batman-adv: Expand merged fragment buffer for full packet
The complete size ("total_size") of the fragmented packet is stored in the
fragment header and in the size of the fragment chain. When the fragments
are ready for merge, the skbuff's tail of the first fragment is expanded to
have enough room after the data pointer for at least total_size. This means
that it gets expanded by total_size - first_skb->len.

But this is ignoring the fact that after expanding the buffer, the fragment
header is pulled from this buffer. Assuming that the tailroom of the
buffer was already 0, the buffer after the data pointer of the skbuff is
now only total_size - len(fragment_header) large. When the merge function
is then processing the remaining fragments, the code to copy the data over
to the merged skbuff will cause an skb_over_panic when it tries to actually
put enough data to fill the total_size bytes of the packet.

The size of the skb_pull must therefore also be taken into account when the
buffer's tailroom is expanded.

Fixes: 610bfc6bc9 ("batman-adv: Receive fragmented packets and merge")
Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Co-authored-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
2018-11-12 10:41:29 +01:00
bat_algo.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bat_algo.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bat_iv_ogm.c batman-adv: Move OGM rebroadcast stats to orig_ifinfo 2018-09-15 09:51:10 +02:00
bat_iv_ogm.h batman-adv: Unify include guards style 2018-07-07 22:02:17 +02:00
bat_v.c batman-adv: Fix bat_v best gw refcnt after netlink dump 2018-06-23 10:29:33 +02:00
bat_v.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bat_v_elp.c batman-adv: Use explicit tvlv padding for ELP packets 2018-11-12 10:41:29 +01:00
bat_v_elp.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bat_v_ogm.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bat_v_ogm.h batman-adv: Unify include guards style 2018-07-07 22:02:17 +02:00
bitarray.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bitarray.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bridge_loop_avoidance.c batman-adv: fix backbone_gw refcount on queue_work() failure 2018-09-07 08:14:26 +02:00
bridge_loop_avoidance.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
debugfs.c batman-adv: Mark debugfs functionality as deprecated 2018-09-14 10:50:26 +02:00
debugfs.h batman-adv: Mark debugfs functionality as deprecated 2018-09-14 10:50:26 +02:00
distributed-arp-table.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-23 11:31:58 -04:00
distributed-arp-table.h batman-adv: add DAT cache netlink support 2018-03-14 10:15:08 +01:00
fragmentation.c batman-adv: Expand merged fragment buffer for full packet 2018-11-12 10:41:29 +01:00
fragmentation.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
gateway_client.c batman-adv: Prevent duplicated gateway_node entry 2018-09-06 13:55:20 +02:00
gateway_client.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
gateway_common.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
gateway_common.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
hard-interface.c batman-adv: Move OGM rebroadcast stats to orig_ifinfo 2018-09-15 09:51:10 +02:00
hard-interface.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
hash.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
hash.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
icmp_socket.c batman-adv: Mark debugfs functionality as deprecated 2018-09-14 10:50:26 +02:00
icmp_socket.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
Kconfig batman-adv: Provide debug messages as trace events 2018-09-15 09:51:08 +02:00
log.c batman-adv: Provide debug messages as trace events 2018-09-15 09:51:08 +02:00
log.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
main.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
main.h batman-adv: Increase version number to 2018.3 2018-09-14 17:59:20 +02:00
Makefile batman-adv: Provide debug messages as trace events 2018-09-15 09:51:08 +02:00
multicast.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-05-26 19:46:15 -04:00
multicast.h batman-adv: add multicast flags netlink support 2018-03-14 10:15:34 +01:00
netlink.c batman-adv: add multicast flags netlink support 2018-03-14 10:15:34 +01:00
netlink.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
network-coding.c batman-adv: Prevent duplicated nc_node entry 2018-09-06 13:55:58 +02:00
network-coding.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
originator.c batman-adv: Move OGM rebroadcast stats to orig_ifinfo 2018-09-15 09:51:10 +02:00
originator.h batman-adv: Move OGM rebroadcast stats to orig_ifinfo 2018-09-15 09:51:10 +02:00
routing.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-23 11:31:58 -04:00
routing.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
send.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
send.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
soft-interface.c Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-09-25 10:35:29 -07:00
soft-interface.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
sysfs.c batman-adv: Fix segfault when writing to sysfs elp_interval 2018-09-06 13:54:48 +02:00
sysfs.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
tp_meter.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
tp_meter.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
trace.c batman-adv: Provide debug messages as trace events 2018-09-15 09:51:08 +02:00
trace.h batman-adv: Provide debug messages as trace events 2018-09-15 09:51:08 +02:00
translation-table.c batman-adv: Prevent duplicated global TT entry 2018-09-06 14:37:12 +02:00
translation-table.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
tvlv.c batman-adv: Prevent duplicated tvlv handler 2018-09-06 14:37:13 +02:00
tvlv.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
types.h batman-adv: Move OGM rebroadcast stats to orig_ifinfo 2018-09-15 09:51:10 +02:00