On Wed, Nov 18, 2020 at 06:07:22PM +0100, Davide Caratti wrote: > On Wed, 2020-11-18 at 13:47 -0300, Marcelo Ricardo Leitner wrote: > > On Wed, Nov 18, 2020 at 05:36:52PM +0100, Davide Caratti wrote: > > > > Hi, > > > > > case TCA_MPLS_ACT_MODIFY: > > > + if (!pskb_may_pull(skb, > > > + skb_network_offset(skb) + sizeof(new_lse))) > > > + goto drop; > > > new_lse = tcf_mpls_get_lse(mpls_hdr(skb), p, false); > > > if (skb_mpls_update_lse(skb, new_lse)) > > > goto drop; > > > > Seems TCA_MPLS_ACT_DEC_TTL is also affected. skb_mpls_dec_ttl() will > > also call mpls_hdr(skb) without this check. > > > > Marcelo > > > ... yes, correct; and at a first glance, also set_mpls() in > openvswitch/action.c has the same (theoretical) issue. I will follow-up > with other 2 patches, ok?
Yep! Thanks. Reviewed-by: Marcelo Ricardo Leitner <marcelo.leit...@gmail.com>
