git.proxmox.com Git - mirror_ubuntu-disco-kernel.git/commit
xfrm4: Fix uninitialized memory read in _decode_session4
author: Steffen Klassert <steffen.klassert@secunet.com>
Tue, 26 Feb 2019 06:04:50 +0000 (07:04 +0100)
committer: Stefan Bader <stefan.bader@canonical.com>
Mon, 12 Aug 2019 09:30:51 +0000 (11:30 +0200)
commit: 9d66d29949b5d8ec1e1238e3b2023884ed57b2ef
tree: ceeac83f95fc184b3fc96dfe18802a994629e0fd
parent: 06ed69a087f34347083db5b1e30ba38112d991ee
xfrm4: Fix uninitialized memory read in _decode_session4

BugLink: https://bugs.launchpad.net/bugs/1837516
[ Upstream commit 8742dc86d0c7a9628117a989c11f04a9b6b898f3 ]

We currently don't reload pointers pointing into skb header
after doing pskb_may_pull() in _decode_session4(). So in case
pskb_may_pull() changed the pointers, we read from random
memory. Fix this by putting all the needed infos on the
stack, so that we don't need to access the header pointers
after doing pskb_may_pull().

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
net/ipv4/xfrm4_policy.c
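
The stale-pointer pattern the commit message describes, shown as an added example that is not part of this commit or the kernel source. It is a user-space toy model: `toy_skb`, `toy_may_pull()`, `toy_decode_ports()` and `toy_demo()` are hypothetical names, and the packet bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Toy stand-in for an skb (assumption): only headlen bytes are linear. */
struct toy_skb {
    uint8_t *data; size_t headlen;        /* linear area; toy_may_pull() may move it */
    const uint8_t *rest; size_t restlen;  /* bytes not yet linear */
};
/* Models pskb_may_pull(): make len bytes linear by reallocating the linear area. */
static int toy_may_pull(struct toy_skb *skb, size_t len)
{
    if (len <= skb->headlen) return 1;
    if (len > skb->headlen + skb->restlen) return 0;
    uint8_t *n = malloc(len);
    if (!n) return 0;
    memcpy(n, skb->data, skb->headlen);
    memcpy(n + skb->headlen, skb->rest, len - skb->headlen);
    free(skb->data);      /* pointers taken into the old area now dangle */
    skb->rest += len - skb->headlen; skb->restlen -= len - skb->headlen;
    skb->data = n; skb->headlen = len;
    return 1;
}
static int toy_decode_ports(struct toy_skb *skb, uint16_t *sport, uint16_t *dport)
{
    if (!toy_may_pull(skb, 20)) return -1;
    /* Copy the needed header fields to the stack before pulling again. */
    size_t ihl = (size_t)(skb->data[0] & 0x0f) * 4;
    uint8_t proto = skb->data[9];
    if (ihl < 20 || (proto != 6 && proto != 17)) return -1;
    /* Stale pattern: taking skb->data + ihl here and reading it after the pull. */
    if (!toy_may_pull(skb, ihl + 4)) return -1;
    const uint8_t *xprth = skb->data + ihl;  /* derived only after the pull */
    *sport = (uint16_t)(xprth[0] << 8 | xprth[1]);
    *dport = (uint16_t)(xprth[2] << 8 | xprth[3]);
    return 0;
}
/* Constructed sample: 20 linear header bytes, UDP ports 53 -> 4500 not yet linear. */
static uint32_t toy_demo(void)
{
    static const uint8_t tail[4] = { 0x00, 0x35, 0x11, 0x94 };
    struct toy_skb skb = { calloc(1, 20), 20, tail, sizeof tail };
    uint16_t s = 0, d = 0;
    if (!skb.data) return 0;
    skb.data[0] = 0x45; skb.data[9] = 17;   /* IPv4, ihl = 5, protocol = UDP */
    int rc = toy_decode_ports(&skb, &s, &d);
    free(skb.data);
    return rc ? 0 : ((uint32_t)s << 16) | d;
}
int main(void) { return toy_demo() == 0x00351194u ? 0 : 1; }
```

Building the model with AddressSanitizer and moving the `xprth` assignment above the second `toy_may_pull()` call turns the port reads into a reported heap-use-after-free.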