www.infradead.org Git - users/jedix/linux-maple.git/commit

author	yujuan.qi <yujuan.qi@mediatek.com>
	Mon, 31 Jul 2017 03:23:01 +0000 (11:23 +0800)
committer	Brian Maly <brian.maly@oracle.com>
	Wed, 29 Aug 2018 23:16:05 +0000 (19:16 -0400)
commit	276f0d55552706a4a22a244f4bde02e5c693be1c
tree	380e97a8011e62eb7c362966f2bcc9939744c96e	tree
parent	66bd48df33e9696ba236320796ed80796b449013	commit \| diff

Cipso: cipso_v4_optptr enter infinite loop

Orabug: 28563992
CVE: CVE-2018-10938

in for(),if((optlen > 0) && (optptr[1] == 0)), enter infinite loop.

Test: receive a packet which the ip length > 20 and the first byte of ip option is 0, produce this issue

Signed-off-by: yujuan.qi <yujuan.qi@mediatek.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 40413955ee265a5e42f710940ec78f5450d49149)
Signed-off-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
Reviewed-by: Brian Maly <brian.maly@oracle.com
Signed-off-by: Brian Maly <brian.maly@oracle.com>