]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6902952) | patch
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
authorEric Dumazet <edumazet@google.com>
Sun, 30 Sep 2018 18:33:39 +0000 (11:33 -0700)
committerDavid S. Miller <davem@davemloft.net>
Wed, 3 Oct 2018 05:32:05 +0000 (22:32 -0700)
commitc341bd13a6ed3f0f4a4a7cc31bbda9f26b603a03
tree35b727833c02a05799aa522edde425018b33160atree | snapshot
parent69029524b56acacd98ef229b34e94cbcaaeee2dacommit | diff
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()

Caching ip_hdr(skb) before a call to pskb_may_pull() is buggy,
do not do it.

Fixes: 9d503672ce72 ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/ip_sockglue.c diff | blob | history
Linux Kernel Source Tree.