git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit

author	Sabrina Dubroca <sd@queasysnail.net>
	Wed, 19 Jul 2017 20:28:55 +0000 (22:28 +0200)
committer	Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
	Tue, 22 Aug 2017 09:58:13 +0000 (06:58 -0300)
commit	83fb1a9b3ec8c24cd5694cc17b2cc0e77a22c94c
tree	9163ce5f8a05611e5cb30d4ec7e66a6954981515	tree
parent	b16645c6d4a0c6b73e2183e3480c5b0acf7a15a7	commit \| diff

ipv6: avoid overflow of offset in ip6_find_1stfragopt

BugLink: http://bugs.launchpad.net/bugs/1711526
[ Upstream commit 6399f1fae4ec29fab5ec76070435555e256ca3a6 ]

In some cases, offset can overflow and can cause an infinite loop in
ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and
cap it at IPV6_MAXPLEN, since packets larger than that should be invalid.

This problem has been here since before the beginning of git history.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>