Lucid CVE-2012-3412

Herton Ronaldo Krzesinski herton.krzesinski at canonical.com
Fri Aug 24 15:05:31 UTC 2012


On Fri, Aug 24, 2012 at 07:58:34AM -0600, Tim Gardner wrote:
>  static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb)
>  {
> +	if (skb_is_gso(skb) &&
> +		skb_shinfo(skb)->gso_segs > skb->dev->gso_max_segs)
> +		return 0;
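Review bot: the early `return 0` looks inverted: when `gso_segs` exceeds `skb->dev->gso_max_segs` the function reports that no software segmentation is needed, so the oversized skb is passed straight to the device, which is the opposite of what this check is guarding against; as the reply below notes, the rest of `netif_needs_gso()` returns `!skb_gso_ok(...)`, so the expected result for this case is 1, e.g. `return 1;` (or clear the GSO bits from the features and fall through to `skb_gso_ok()` so the existing path produces it). Also note the condition reads `skb->dev` while the function already receives `dev` as a parameter; using the parameter keeps the check consistent with the rest of the function.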

Shouldn't it be return 1 here? If the condition is true, we would clear the
flags from features. If flags are cleared, when calling skb_gso_ok:

net_gso_ok would always return 0
skb_gso_ok would always return 0
netif_needs_gso returns 1 because it does !skb_gso_ok

Unless I'm missing something here. Anyway, hard to read these functions...
I think just copying/clearing the flags and passing through skb_gso_ok
would be better.

-- 
[]'s
Herton
