projects / openwrt / staging / blogic.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b9f1bcb) | patch
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
authorEric Dumazet <edumazet@google.com>
Sun, 30 Sep 2018 18:33:39 +0000 (11:33 -0700)
committerDavid S. Miller <davem@davemloft.net>
Wed, 3 Oct 2018 05:32:05 +0000 (22:32 -0700)
commit64199fc0a46ba211362472f7f942f900af9492fd
tree35b727833c02a05799aa522edde425018b33160atree | snapshot
parentb9f1bcb22091aacc0202c9ff6181e696cd1dc7dccommit | diff
ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()

Caching ip_hdr(skb) before a call to pskb_may_pull() is buggy,
do not do it.

Fixes: 2efd4fca703a ("ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/ip_sockglue.c diff | blob | history
John Crispins staging tree