git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
xfrm4: Fix uninitialized memory read in _decode_session4
author Steffen Klassert <steffen.klassert@secunet.com>
Tue, 26 Feb 2019 06:04:50 +0000 (07:04 +0100)
committer Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Wed, 14 Aug 2019 09:18:49 +0000 (11:18 +0200)
commit 504a038537cc2be08d89cebdad2c79e529ed379d
tree d90aa597562a773a472a7f34db3277c32135e309
parent 0983351cd834393008f022fb374034f446fae24c
xfrm4: Fix uninitialized memory read in _decode_session4

BugLink: https://bugs.launchpad.net/bugs/1838576
[ Upstream commit 8742dc86d0c7a9628117a989c11f04a9b6b898f3 ]

We currently don't reload pointers pointing into skb header
after doing pskb_may_pull() in _decode_session4(). So in case
pskb_may_pull() changed the pointers, we read from random
memory. Fix this by putting all the needed infos on the
stack, so that we don't need to access the header pointers
after doing pskb_may_pull().

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
net/ipv4/xfrm4_policy.c
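
A user-space C model of the bug class the commit message describes, added here as an illustration; it is not the kernel patch and not code from this page. `toy_skb`, `toy_may_pull`, `decode_flow` and `demo` are hypothetical names, and the packet bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Toy stand-in for an sk_buff: a heap "linear" area plus one unpulled fragment. */
struct toy_skb { uint8_t *head; size_t linear; const uint8_t *frag; size_t frag_len; };
/* Models pskb_may_pull(): make `len` bytes linear; may free and replace head. */
static int toy_may_pull(struct toy_skb *skb, size_t len)
{
    if (len <= skb->linear) return 1;
    if (len > skb->linear + skb->frag_len) return 0;
    uint8_t *nh = malloc(len);
    if (!nh) return 0;
    size_t take = len - skb->linear;
    memcpy(nh, skb->head, skb->linear);
    memcpy(nh + skb->linear, skb->frag, take);
    free(skb->head);                 /* every pointer into the old head now dangles */
    skb->head = nh; skb->linear = len;
    skb->frag += take; skb->frag_len -= take;
    return 1;
}

struct flow { uint8_t proto; uint16_t sport, dport; };
/* Safe pattern: copy header fields to the stack, pull, then re-derive pointers. */
static int decode_flow(struct toy_skb *skb, struct flow *fl)
{
    if (!toy_may_pull(skb, 20)) return -1;
    const uint8_t *iph = skb->head;
    size_t ihl = (size_t)(iph[0] & 0x0f) * 4;   /* saved on the stack before the pull */
    uint8_t proto = iph[9];                     /* saved on the stack before the pull */
    if (ihl < 20) return -1;
    if (!toy_may_pull(skb, ihl + 4)) return -1; /* iph may be stale from here on */
    const uint8_t *xprth = skb->head + ihl;     /* recomputed from the current head */
    fl->proto = proto;                          /* not iph[9]: that would read freed memory */
    fl->sport = (uint16_t)((xprth[0] << 8) | xprth[1]);
    fl->dport = (uint16_t)((xprth[2] << 8) | xprth[3]);
    return 0;
}

/* Constructed sample: 20-byte IPv4 header is linear, UDP ports 53 -> 4500 sit in the fragment. */
static int demo(struct flow *fl)
{
    static const uint8_t ports[4] = { 0x00, 0x35, 0x11, 0x94 };
    struct toy_skb skb = { calloc(1, 20), 20, ports, sizeof ports };
    if (!skb.head) return -1;
    skb.head[0] = 0x45; skb.head[9] = 17;       /* version 4, ihl 5, protocol UDP */
    int rc = decode_flow(&skb, fl);
    free(skb.head);
    return rc;
}
```

Building this with AddressSanitizer and changing `fl->proto = proto` to read `iph[9]` after the second pull makes the stale read visible as a heap-use-after-free report.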