op-kernel-dev - Development kernel branch for OpenPOWER systems

diff options

author	Eric Dumazet <edumazet@google.com>	2016-11-28 06:26:49 -0800
committer	David S. Miller <davem@davemloft.net>	2016-11-29 20:37:26 -0500
commit	648f0c28df282636c0c8a7a19ca3ce5fc80a39c3 (patch)
tree	21a521e1c65060e4ef3060e122915134c29aa931 /net/ceph
parent	ffac0e967f20b7637936dbaa21df08c55f672604 (diff)
download	op-kernel-dev-648f0c28df282636c0c8a7a19ca3ce5fc80a39c3.zip op-kernel-dev-648f0c28df282636c0c8a7a19ca3ce5fc80a39c3.tar.gz

net/dccp: fix use-after-free in dccp_invalid_packet

pskb_may_pull() can reallocate skb->head, we need to reload dh pointer in dccp_invalid_packet() or risk use after free. Bug found by Andrey Konovalov using syzkaller. Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'net/ceph')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: