| To: | shemminger@xxxxxxxx |
|---|---|
| Subject: | Re: [RFT] remove skb_linearize from igmp.c |
| From: | "David S. Miller" <davem@xxxxxxxxxx> |
| Date: | Mon, 23 Jun 2003 12:02:29 -0700 (PDT) |
| Cc: | netdev@xxxxxxxxxxx |
| In-reply-to: | <20030623120342.470cf504.shemminger@xxxxxxxx> |
| References: | <20030623120342.470cf504.shemminger@xxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
From: Stephen Hemminger <shemminger@xxxxxxxx>
Date: Mon, 23 Jun 2003 12:03:42 -0700
Could someone who actually receives IGMP packets test this?
Don't bother, your patch is buggy.
int len = skb->len;
...
+ if (!pskb_may_pull(skb, sizeof(struct igmphdr)))
+ goto drop;
+
+ ih = skb->h.igmph;
+ if (ip_compute_csum((void *)ih, len))
+ goto drop;
You're only verifying that "sizeof(struct igmphdr)" is available at
skb->data, then you dereference "len" bytes via the call to
ip_compute_csum().
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [RFT] remove skb_linearize from igmp.c, Stephen Hemminger |
|---|---|
| Next by Date: | Re: [RFT] remove skb_linearize from igmp.c, Stephen Hemminger |
| Previous by Thread: | [RFT] remove skb_linearize from igmp.c, Stephen Hemminger |
| Next by Thread: | Re: [RFT] remove skb_linearize from igmp.c, Stephen Hemminger |
| Indexes: | [Date] [Thread] [Top] [All Lists] |