]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1562323) | patch
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
authorEric Dumazet <edumazet@google.com>
Sun, 30 Sep 2018 18:33:39 +0000 (11:33 -0700)
committerDavid S. Miller <davem@davemloft.net>
Wed, 3 Oct 2018 05:32:05 +0000 (22:32 -0700)
commit2be6c8a382dd43fab8d4d8b964ba56f52e9af4af
tree35b727833c02a05799aa522edde425018b33160atree | snapshot
parent1562323e2a757398376c99d82b48d63d099a7e07commit | diff
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()

Caching ip_hdr(skb) before a call to pskb_may_pull() is buggy,
do not do it.

Fixes: 6ca155cf277a ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/ip_sockglue.c diff | blob | history
Linux Kernel Source Tree.