]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit
projects / mirror_ubuntu-bionic-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 545da26) | patch
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
authorEric Dumazet <edumazet@google.com>
Sun, 30 Sep 2018 18:33:39 +0000 (11:33 -0700)
committerJuerg Haefliger <juergh@canonical.com>
Wed, 24 Jul 2019 01:53:12 +0000 (19:53 -0600)
commit540e6f99dc8e96b41c9c5c0a30513423c5753c50
tree1b0e7818e3062e27282ee2fe6a736c39b1cbaf22tree
parent545da2619dcf3284e75038a6a3fd57de892c673ccommit | diff
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()

BugLink: https://bugs.launchpad.net/bugs/1836426
[ Upstream commit 64199fc0a46ba211362472f7f942f900af9492fd ]

Caching ip_hdr(skb) before a call to pskb_may_pull() is buggy,
do not do it.

Fixes: 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
net/ipv4/ip_sockglue.c diff | blob | blame | history
ubuntu-bionic-kernel mirror