Skip to content

Commit

Permalink
icmp: Don't leak original dst into ip_route_input()
Browse files Browse the repository at this point in the history 
ip_route_input() unconditionally overwrites the dst. Hide the original
dst attached to the skb by calling skb_dst_set(skb, NULL) prior to
ip_route_input().

Reported-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Thomas Graf authored and David S. Miller committed Jul 21, 2015
1 parent 1d8fff9 commit 773a69d
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/ipv4/icmp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -496,6 +496,7 @@ static struct rtable *icmp_route_lookup(struct net *net,
}
/* Ugh! */
orefdst = skb_in->_skb_refdst; /* save old refdst */
skb_dst_set(skb_in, NULL);
err = ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr,
RT_TOS(tos), rt2->dst.dev);

Expand Down

0 comments on commit 773a69d

Please sign in to comment.