batman-adv: verify tt len does not exceed packet len

author Marek Lindner <lindner_marek@yahoo.de>

Mon, 4 Mar 2013 02:39:49 +0000 (10:39 +0800)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thu, 28 Mar 2013 19:17:07 +0000 (12:17 -0700)
author Marek Lindner <lindner_marek@yahoo.de>
Mon, 4 Mar 2013 02:39:49 +0000 (10:39 +0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 28 Mar 2013 19:17:07 +0000 (12:17 -0700)
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c

index 7d02ebd11a7f1bd13b173cbe1eb0f54e623e0345..1ee94d08f93243179c64fea8393dc11ef91e94b7 100644 (file)
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
@@ -1298,7 +1298,8 @@ static int batadv_iv_ogm_receive(struct sk_buff *skb,
         batadv_ogm_packet = (struct batadv_ogm_packet *)packet_buff;
  
         /* unpack the aggregated packets and process them one by one */
-       do {
+       while (batadv_iv_ogm_aggr_packet(buff_pos, packet_len,
+                                        batadv_ogm_packet->tt_num_changes)) {
                 tt_buff = packet_buff + buff_pos + BATADV_OGM_HLEN;
  
                 batadv_iv_ogm_process(ethhdr, batadv_ogm_packet, tt_buff,
@@ -1309,8 +1310,7 @@ static int batadv_iv_ogm_receive(struct sk_buff *skb,
  
                 packet_pos = packet_buff + buff_pos;
                 batadv_ogm_packet = (struct batadv_ogm_packet *)packet_pos;
-       } while (batadv_iv_ogm_aggr_packet(buff_pos, packet_len,
-                                          batadv_ogm_packet->tt_num_changes));
+       }
  
         kfree_skb(skb);
         return NET_RX_SUCCESS;
author	Marek Lindner <lindner_marek@yahoo.de>
	Mon, 4 Mar 2013 02:39:49 +0000 (10:39 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 28 Mar 2013 19:17:07 +0000 (12:17 -0700)