]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 4a5ed33) | patch
ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
authorBen Hutchings <ben@decadent.org.uk>
Wed, 31 May 2017 12:15:41 +0000 (13:15 +0100)
committerKirtikar Kashyap <kirtikar.kashyap@oracle.com>
Tue, 18 Jul 2017 19:24:04 +0000 (12:24 -0700)
commitef46a42409986d519687c70cc2b0254c8c61edfa
tree5a2f0b92e7592c4408fda70aac6e11401236b647tree
parent4a5ed33a7c9cf967eba19fd0743e2ab8a9b25616commit | diff
ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()

xfrm6_find_1stfragopt() may now return an error code and we must
not treat it as a length.

Fixes: 2423496af35d ("ipv6: Prevent overrun when parsing v6 header options")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Acked-by: Craig Gallek <kraig@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 6e80ac5cc992ab6256c3dae87f7e57db15e1a58c)

Orabug: 26175248
CVE-2017-9074

Signed-off-by: Kirtikar Kashyap <kirtikar.kashyap@oracle.com>
Reviewed-by: Qing Huang <qing.huang@oracle.com>
Reviewed-by: Jack Vogel <jack.vogel@oracle.com>
net/ipv6/xfrm6_mode_ro.c diff | blob | history
net/ipv6/xfrm6_mode_transport.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.