netfilter: seqadj: re-load tcp header pointer after possible head reallocation
author Florian Westphal <fw@strlen.de>
Wed, 5 Dec 2018 13:12:19 +0000 (14:12 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 7 Dec 2018 09:54:23 +0000 (10:54 +0100)
commit 530aad77010b81526586dfc09130ec875cd084e4
tree b5c4a153bc83e2743efd284e02b0e024aa5a51c7
parent 4c05ec47384ab3627b62814e8f886e90cc38ce15
netfilter: seqadj: re-load tcp header pointer after possible head reallocation

When adjusting sack block sequence numbers, skb_make_writable() gets
called to make sure tcp options are all in the linear area, and buffer
is not shared.

This can cause tcp header pointer to get reallocated, so we must
reload it to avoid memory corruption.

This bug pre-dates git history.

Reported-by: Neel Mehta <nmehta@google.com>
Reported-by: Shane Huntley <shuntley@google.com>
Reported-by: Heather Adkins <argv@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_seqadj.c
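
A userspace model of the rule this commit message states, added here as an illustration and not taken from the kernel patch: a pointer into the packet is derived only after the call that may reallocate the buffer. `struct pkt`, `pkt_make_writable()`, `adjust_seq()` and `demo()` are hypothetical stand-ins, and the buffer contents are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for an sk_buff; not the kernel structure. */
struct pkt { uint8_t *head; size_t len; int shared; };

/* Hypothetical analogue of skb_make_writable(): a shared buffer is copied
 * before writing, so p->head moves and the old storage is released. */
static int pkt_make_writable(struct pkt *p)
{
    if (!p->shared)
        return 1;
    uint8_t *copy = malloc(p->len);
    if (!copy)
        return 0;
    memcpy(copy, p->head, p->len);
    free(p->head);               /* pointers into the old head now dangle */
    p->head = copy;
    p->shared = 0;
    return 1;
}

/* Add delta to the big-endian 32-bit field at hdr_off + fld_off. */
static int adjust_seq(struct pkt *p, size_t hdr_off, size_t fld_off, uint32_t delta)
{
    if (hdr_off > p->len || fld_off > p->len - hdr_off || p->len - hdr_off - fld_off < 4)
        return 0;
    if (!pkt_make_writable(p))
        return 0;
    /* Derive the field pointer from the current head, after the call above. */
    uint8_t *f = p->head + hdr_off + fld_off;
    uint32_t v = ((uint32_t)f[0] << 24 | (uint32_t)f[1] << 16 | (uint32_t)f[2] << 8 | f[3]) + delta;
    f[0] = (uint8_t)(v >> 24); f[1] = (uint8_t)(v >> 16); f[2] = (uint8_t)(v >> 8); f[3] = (uint8_t)v;
    return 1;
}

/* Constructed input: shared 16-byte buffer whose field at bytes 8..11 holds
 * 0x10. Returns the adjusted field, or 0 if the head did not move. */
uint32_t demo(void)
{
    struct pkt p = { calloc(1, 16), 16, 1 };
    uintptr_t old = (uintptr_t)p.head;
    uint32_t v = 0;
    if (!p.head)
        return 0;
    p.head[11] = 0x10;
    if (adjust_seq(&p, 4, 4, 0x100) && (uintptr_t)p.head != old)
        v = (uint32_t)p.head[8] << 24 | (uint32_t)p.head[9] << 16 | (uint32_t)p.head[10] << 8 | p.head[11];
    free(p.head);
    return v;
}
```

Computing `f` before `pkt_make_writable()` and using it afterwards would write through freed memory in this model, which is the class of corruption the commit message describes.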