fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
authorStefano Brivio <sbrivio@redhat.com>
Thu, 3 Jan 2019 20:43:34 +0000 (21:43 +0100)
committerDavid S. Miller <davem@davemloft.net>
Fri, 4 Jan 2019 21:06:07 +0000 (13:06 -0800)
commitbc6e019b6ee65ff4ebf3ca272f774cf6c67db669
tree7fd864915e5771b489b207b32e76eeda2f1bed19
parent41e4e2cd75346667b0c531c07dab05cce5b06d15
fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite

In commit 11789039da53 ("fou: Prevent unbounded recursion in GUE error
handler"), I didn't take care of the case where UDP-Lite is encapsulated
into UDP or UDP-Lite with GUE. From a syzbot report about a possibly
similar issue with GUE on IPv6, I just realised the same thing might
happen with a UDP-Lite inner payload.

Also skip exception handling for inner UDP-Lite protocol.

Fixes: 11789039da53 ("fou: Prevent unbounded recursion in GUE error handler")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/fou.c