bridge: ignore bogus STP config packets

If the message_age is already greater than the max_age, then the
BPDU is bogus. Linux won't generate BPDU, but conformance tester
or buggy implementation might.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c
index 289646e..b69232b 100644 (file)
--- a/net/bridge/br_stp_bpdu.c
+++ b/net/bridge/br_stp_bpdu.c
@@ -210,6 +210,17 @@ void br_stp_rcv(const struct stp_proto *proto, struct sk_buff *skb,
                bpdu.hello_time = br_get_ticks(buf+28);
                bpdu.forward_delay = br_get_ticks(buf+30);
 
+               if (bpdu.message_age > bpdu.max_age) {
+                       if (net_ratelimit())
+                               br_notice(p->br,
+                                         "port %u config from %pM"
+                                         " (message_age %ul > max_age %ul)\n",
+                                         p->port_no,
+                                         eth_hdr(skb)->h_source,
+                                         bpdu.message_age, bpdu.max_age);
+                       goto out;
+               }
+
                br_received_config_bpdu(p, &bpdu);
        }