www.infradead.org Git - users/jedix/linux-maple.git/commit
ip: fix IP_CHECKSUM handling
author Paolo Abeni <pabeni@redhat.com>
Tue, 21 Feb 2017 08:33:18 +0000 (09:33 +0100)
committer Dhaval Giani <dhaval.giani@oracle.com>
Mon, 29 May 2017 21:21:34 +0000 (17:21 -0400)
commit 17e6b54f0719cde927a7f3a744e401cb15ebe0f4
tree 5b083f8daa3e867974971141a86ffdf8e8f32df5
parent 95b878a2cdb8207f7f478f0de707dd8c88f752ea
ip: fix IP_CHECKSUM handling

The skbs processed by ip_cmsg_recv() are not guaranteed to
be linear e.g. when sending UDP packets over loopback with
MSGMORE.
Using csum_partial() on [potentially] the whole skb len
is dangerous; instead be on the safe side and use skb_checksum().

Thanks to the syzkaller team for detecting the issue and providing the
reproducer.

v1 -> v2:
 - move the variable declaration in a tighter scope

Fixes: ad6f939ab193 ("ip: Add offset parameter to ip_cmsg_recv")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32)

Orabug: 25802576
CVE-2017-6347

Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
Reviewed-by: Jack Vogel <jack.vogel@oracle.com>
net/ipv4/ip_sockglue.c
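
The hazard named in the commit message, modelled in user space as an added example (not code from this commit or from the kernel): a checksum over a byte range must walk the fragments, as `skb_checksum()` does for an skb, rather than run from one pointer across the whole length the way a `csum_partial()` call does. `struct frag`, `struct pkt` and `pkt_checksum()` are hypothetical names, and the byte-at-a-time sum is a simplification chosen for clarity.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical user-space model of a non-linear packet: the bytes live in
 * separately allocated fragments, as an skb's head and frags may. */
struct frag { const uint8_t *data; size_t len; };
struct pkt  { const struct frag *frags; size_t nfrags; };

/* One's-complement sum of packet bytes [offset, offset + len), walking the
 * fragments. Returns -1 if the range is not inside the packet, else 0. */
static int pkt_checksum(const struct pkt *p, size_t offset, size_t len,
                        uint16_t *out)
{
    uint64_t sum = 0;
    size_t total = 0, pos = 0, done = 0; /* pos: start of current fragment */

    for (size_t i = 0; i < p->nfrags; i++)
        total += p->frags[i].len;
    if (offset > total || len > total - offset)
        return -1;                 /* never read past the last fragment */
    for (size_t i = 0; i < p->nfrags && done < len; i++) {
        const struct frag *f = &p->frags[i];
        /* offset + done >= pos always holds here, so no underflow. */
        for (size_t j = offset + done - pos; j < f->len && done < len; j++, done++)
            /* Parity follows the range, not the fragment, so odd-sized
             * fragments do not shift the 16-bit word pairing. */
            sum += (done & 1) ? f->data[j] : (uint64_t)f->data[j] << 8;
        pos += f->len;
    }
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    *out = (uint16_t)sum;
    return 0;
}

int main(void)
{
    /* Constructed sample: the RFC 1071 example bytes, split at odd sizes. */
    static const uint8_t b[] = {0x00, 0x01, 0xf2, 0x03, 0xf4, 0xf5, 0xf6, 0xf7};
    const struct frag fr[] = { {b, 3}, {b + 3, 4}, {b + 7, 1} };
    const struct pkt p = { fr, 3 };
    uint16_t sum;
    return pkt_checksum(&p, 0, sizeof(b), &sum) == 0 && sum == 0xddf2 ? 0 : 1;
}
```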