tag 76eafcb9729981fa3a814287c1921e894a242ca7
tagger Todd Kjos <tkjos@google.com> Wed Jan 05 13:21:56 2022 -0800
object 0ca5d5ac9152d01b3494fb2efb5390319eb9904a

https://source.android.com/security/bulletin/2022-01-01
CVE-2020-14305
CVE-2020-29368
CVE-2021-39633
CVE-2021-39634

commit 0ca5d5ac9152d01b3494fb2efb5390319eb9904a
author Shreyansh Chouhan <chouhan.shreyansh630@gmail.com> Sat Aug 21 12:44:24 2021 +0530
committer Todd Kjos <tkjos@google.com> Wed Jan 05 13:15:08 2022 -0800
tree 147e9108cc3848c0cc47858b419549fc710e84ab
parent 7266476fa7fc3b7197dec781a101cdeb298551f4

ip_gre: add validation for csum_start

[ Upstream commit 1d011c4803c72f3907eccfc1ec63caefb852fcbf ]

Validate csum_start in gre_handle_offloads before we call _gre_xmit so
that we do not crash later when the csum_start value is used in the
lco_csum function call.

This patch deals with ipv4 code.

Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.")
Reported-by: syzbot+ff8e1b9f2f36481e2efc@syzkaller.appspotmail.com
Signed-off-by: Shreyansh Chouhan <chouhan.shreyansh630@gmail.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>