ip6_gre: fix a pontential issue in ip6erspan_rcv

pskb_may_pull() can change skb->data, so we need to load ipv6h/ershdr at
the right place.

Fixes: 5a963eb61b7c ("ip6_gre: Add ERSPAN native tunnel support")
Cc: William Tu <u9012063@gmail.com>
Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 87b9892..9bd1103 100644 (file)
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -507,12 +507,11 @@ static int ip6erspan_rcv(struct sk_buff *skb, int gre_hdr_len,
        struct ip6_tnl *tunnel;
        u8 ver;
 
-       ipv6h = ipv6_hdr(skb);
-       ershdr = (struct erspan_base_hdr *)skb->data;
-
        if (unlikely(!pskb_may_pull(skb, sizeof(*ershdr))))
                return PACKET_REJECT;
 
+       ipv6h = ipv6_hdr(skb);
+       ershdr = (struct erspan_base_hdr *)skb->data;
        ver = (ntohs(ershdr->ver_vlan) & VER_MASK) >> VER_OFFSET;
        tpi->key = cpu_to_be32(ntohs(ershdr->session_id) & ID_MASK);