projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ffac0e9) | patch
net/dccp: fix use-after-free in dccp_invalid_packet
authorEric Dumazet <edumazet@google.com>
Mon, 28 Nov 2016 14:26:49 +0000 (06:26 -0800)
committerDavid S. Miller <davem@davemloft.net>
Wed, 30 Nov 2016 01:37:26 +0000 (20:37 -0500)
commit648f0c28df282636c0c8a7a19ca3ce5fc80a39c3
tree21a521e1c65060e4ef3060e122915134c29aa931tree | snapshot (tar.gz zip)
parentffac0e967f20b7637936dbaa21df08c55f672604commit | diff
net/dccp: fix use-after-free in dccp_invalid_packet

pskb_may_pull() can reallocate skb->head, we need to reload dh pointer
in dccp_invalid_packet() or risk use after free.

Bug found by Andrey Konovalov using syzkaller.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/dccp/ipv4.c diff | blob | blame | history