Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 64199fc0a46ba211362472f7f942f900af9492fd
commit64199fc0a46ba211362472f7f942f900af9492fd[log] [tgz]
authorEric Dumazet <edumazet@google.com>Sun Sep 30 11:33:39 2018 -0700
committerDavid S. Miller <davem@davemloft.net>Tue Oct 02 22:32:05 2018 -0700
tree35b727833c02a05799aa522edde425018b33160a
parentb9f1bcb22091aacc0202c9ff6181e696cd1dc7dc [diff]
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()

Caching ip_hdr(skb) before a call to pskb_may_pull() is buggy,
do not do it.

Fixes: 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: 35b727833c02a05799aa522edde425018b33160a
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. COPYING
  31. CREDITS
  32. Kbuild
  33. Kconfig
  34. MAINTAINERS
  35. Makefile
  36. README