projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 57f2082) | patch
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
authorPaul Hüber <phueber@kernsp.in>
Sun, 26 Feb 2017 16:58:19 +0000 (17:58 +0100)
committerWilly Tarreau <w@1wt.eu>
Tue, 20 Jun 2017 12:04:29 +0000 (14:04 +0200)
commit3475371514112e50da257ed505a5012abfc55094
tree9251f6e6230c989e0c666c913e8034d3b5c5b646tree | snapshot (tar.gz zip)
parent57f208211a18c6f58ed3f69cd8b7edee77cac9a7commit | diff
l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv

commit 51fb60eb162ab84c5edf2ae9c63cf0b878e5547e upstream.

l2tp_ip_backlog_recv may not return -1 if the packet gets dropped.
The return value is passed up to ip_local_deliver_finish, which treats
negative values as an IP protocol number for resubmission.

Signed-off-by: Paul Hüber <phueber@kernsp.in>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
net/l2tp/l2tp_ip.c diff | blob | blame | history
kernel source for telekom puls (alcatel/mediatek)