www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Eric Dumazet <edumazet@google.com>
	Sun, 12 Feb 2017 22:03:52 +0000 (14:03 -0800)
committer	Dhaval Giani <dhaval.giani@oracle.com>
	Mon, 29 May 2017 21:22:53 +0000 (17:22 -0400)
commit	c64b7f7b8e8d8d91d2576d140edab4e7c64f1133
tree	2128b69d57898baecfcda549d1eacbc62d5b3743	tree
parent	17e6b54f0719cde927a7f3a744e401cb15ebe0f4	commit \| diff

net/llc: avoid BUG_ON() in skb_orphan()

It seems nobody used LLC since linux-3.12.

Fortunately fuzzers like syzkaller still know how to run this code,
otherwise it would be no fun.

Setting skb->sk without skb->destructor leads to all kinds of
bugs, we now prefer to be very strict about it.

Ideally here we would use skb_set_owner() but this helper does not exist yet,
only CAN seems to have a private helper for that.

Orabug: 25802599
CVE: CVE-2017-6345

Fixes: 376c7311bdb6 ("net: add a temporary sanity check in skb_orphan()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Aniket Alshi <aniket.alshi@oracle.com>
(cherry picked from commit 8b74d439e1697110c5e5c600643e823eb1dd0762)
Reviewed-by: Jack Vogel <jack.vogel@oracle.com>

net/llc/llc_conn.c		diff \| blob \| history
net/llc/llc_sap.c		diff \| blob \| history