]> git.proxmox.com Git - mirror_ubuntu-disco-kernel.git/commit
ipv6: dccp: fix out of bound access in dccp_v6_err()
authorEric Dumazet <edumazet@google.com>
Thu, 3 Nov 2016 03:30:48 +0000 (20:30 -0700)
committerDavid S. Miller <davem@davemloft.net>
Thu, 3 Nov 2016 20:16:51 +0000 (16:16 -0400)
commit1aa9d1a0e7eefcc61696e147d123453fc0016005
tree552c032ae3d6773f8130e154fa5223f6676537e5
parent93636d1f1f162ae89ae4f2a22a83bf4fd960724e
ipv6: dccp: fix out of bound access in dccp_v6_err()

dccp_v6_err() does not use pskb_may_pull() and might access garbage.

We only need 4 bytes at the beginning of the DCCP header, like TCP,
so the 8 bytes pulled in icmpv6_notify() are more than enough.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/dccp/ipv6.c