On Wed, 2020-11-18 at 13:47 -0300, Marcelo Ricardo Leitner wrote: > On Wed, Nov 18, 2020 at 05:36:52PM +0100, Davide Caratti wrote: > > Hi, > > > case TCA_MPLS_ACT_MODIFY: > > + if (!pskb_may_pull(skb, > > + skb_network_offset(skb) + sizeof(new_lse))) > > + goto drop; > > new_lse = tcf_mpls_get_lse(mpls_hdr(skb), p, false); > > if (skb_mpls_update_lse(skb, new_lse)) > > goto drop; > > Seems TCA_MPLS_ACT_DEC_TTL is also affected. skb_mpls_dec_ttl() will > also call mpls_hdr(skb) without this check. > > Marcelo > ... yes, correct; and at a first glance, also set_mpls() in openvswitch/action.c has the same (theoretical) issue. I will follow-up with other 2 patches, ok?
thanks! -- davide
