git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit

author	Zheng Li <james.z.li@ericsson.com>
	Wed, 28 Dec 2016 15:23:46 +0000 (23:23 +0800)
committer	Stefan Bader <stefan.bader@canonical.com>
	Tue, 8 Aug 2017 10:39:57 +0000 (12:39 +0200)
commit	74b6bea3c09d8e28437dcdd7134e2e0451afb15a
tree	d60820d62f8e693768feac5e6110bc4647691dc6	tree
parent	0de6ee9d8c2d1b35fd86a1d4c6134e9f7ea0e93d	commit \| diff

ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output

There is an inconsistent conditional judgement between __ip6_append_data
and ip6_finish_output functions, the variable length in __ip6_append_data
just include the length of application's payload and udp6 header, don't
include the length of ipv6 header, but in ip6_finish_output use
(skb->len > ip6_skb_dst_mtu(skb)) as judgement, and skb->len include the
length of ipv6 header.

That causes some particular application's udp6 payloads whose length are
between (MTU - IPv6 Header) and MTU were fragmented by ip6_fragment even
though the rst->dev support UFO feature.

Add the length of ipv6 header to length in __ip6_append_data to keep
consistent conditional judgement as ip6_finish_output for ip6 fragment.

Signed-off-by: Zheng Li <james.z.li@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
CVE-2017-1000112

(cherry-picked from commit e4c5e13aa45c23692e4acf56f0b3533f328199b2)
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>