From: Stefano Brivio <sbri...@redhat.com>
Date: Tue, 18 Dec 2018 00:13:17 +0100
> Handling exceptions for direct UDP encapsulation in GUE (that is,
> UDP-in-UDP) leads to unbounded recursion in the GUE exception handler,
> syzbot reported.
>
> While draft-ietf-intarea-gue-06 doesn't explicitly forbid direct
> encapsulation of UDP in GUE, it probably doesn't make sense to set up GUE
> this way, and it's currently not even possible to configure this.
>
> Skip exception handling if the GUE proto/ctype field is set to the UDP
> protocol number. Should we need to handle exceptions for UDP-in-GUE one
> day, we might need to either explicitly set a bound for recursion, or
> implement a special iterative handling for these cases.
>
> Reported-and-tested-by: syzbot+43f6755d1c2e62743...@syzkaller.appspotmail.com
> Fixes: b8a51b38e4d4 ("fou, fou6: ICMP error handlers for FoU and GUE")
> Signed-off-by: Stefano Brivio <sbri...@redhat.com>
Applied, thanks.
