xfrm: ipcomp: Call pskb_may_pull in ipcomp_input

If a malformed packet is received there may not be enough data to pull. This isn't a problem in practice because the caller has already done xfrm_parse_spi which in effect does the same thing. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Herbert Xu <herbert@gondor.apana.org.au> 2025-03-15 18:30:19 +0800
committer: Herbert Xu <herbert@gondor.apana.org.au> 2025-03-21 17:33:39 +0800
commit: 39a3f23407d3b6942727ae2367382b5575d995c9 (patch)
tree: 699941545e2a2cf7059e53ad86ba68a1092a48a7
parent: 9b00eb923f3e60ca76cbc8b31123716f3a87ac6a (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
index 9c0fa0e1786a..43eae94e4b0e 100644
--- a/net/xfrm/xfrm_ipcomp.c
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -97,6 +97,9 @@ int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
 	int err = -ENOMEM;
 	struct ip_comp_hdr *ipch;
 
+	if (!pskb_may_pull(skb, sizeof(*ipch)))
+		return -EINVAL;
+
 	if (skb_linearize_cow(skb))
 		goto out;
author	Herbert Xu <herbert@gondor.apana.org.au>	2025-03-15 18:30:19 +0800
committer	Herbert Xu <herbert@gondor.apana.org.au>	2025-03-21 17:33:39 +0800
commit	39a3f23407d3b6942727ae2367382b5575d995c9 (patch)
tree	699941545e2a2cf7059e53ad86ba68a1092a48a7
parent	9b00eb923f3e60ca76cbc8b31123716f3a87ac6a (diff)