ip6_tunnel: must reload ipv6h in ip6ip6_tnl_xmit()
author Eric Dumazet <edumazet@google.com>
Tue, 24 Jan 2017 00:43:05 +0000 (16:43 -0800)
committer Raspbian kernel package updater <root@raspbian.org>
Sun, 23 Jul 2017 03:05:31 +0000 (03:05 +0000)
commit c1fd21cb18b7a74f77d186eb22532239859886d7
tree 6110fae4ab9baf6989cd6f89adf99237542adbfa
parent 49c6fa4516d533a3f38370ea64030dd39de2696d
ip6_tunnel: must reload ipv6h in ip6ip6_tnl_xmit()

[ Upstream commit 21b995a9cb093fff33ec91d7cb3822b882a90a1e ]

Since ip6_tnl_parse_tlv_enc_lim() can call pskb_may_pull(),
we must reload any pointer that was related to skb->head
(or skb->data), or risk use after free.

Fixes: c12b395a4664 ("gre: Support GRE over IPv6")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Dmitry Kozlov <xeb@mail.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/ipv6/ip6_gre.c
net/ipv6/ip6_tunnel.c
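
The reload rule from the commit message, shown as an added userspace model in C; this is not kernel code and not part of the commit. `struct pkt`, `pkt_may_pull()`, `hdr_byte_after_pull()` and `demo()` are hypothetical names, and the packet bytes are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model, hypothetical names: head stands in for skb->head and
 * frag for packet bytes that are not yet in the linear area. */
struct pkt { uint8_t *head; size_t linear; const uint8_t *frag; size_t frag_len; };

/* Model of pskb_may_pull(): make len bytes linear. Growing copies into a new
 * allocation and frees the old one, so pointers into the old head dangle. */
static int pkt_may_pull(struct pkt *p, size_t len)
{
    if (len <= p->linear) return 1;
    size_t need = len - p->linear;
    uint8_t *n = need <= p->frag_len ? malloc(len) : NULL;
    if (!n) return 0;
    memcpy(n, p->head, p->linear);
    memcpy(n + p->linear, p->frag, need);
    free(p->head);
    p->head = n;
    p->linear = len;
    p->frag += need;
    p->frag_len -= need;
    return 1;
}

/* Fixed pattern: carry the header across the pull as an offset and rebuild
 * the pointer from the current head. Returns the header byte, or -1. */
static int hdr_byte_after_pull(struct pkt *p, size_t hdr_off, size_t len, int *moved)
{
    uintptr_t old_head = (uintptr_t)p->head;  /* integer copy, never dereferenced */
    int ok = pkt_may_pull(p, len);
    *moved = (uintptr_t)p->head != old_head;  /* did the linear area move? */
    const uint8_t *hdr = p->head + hdr_off;   /* reload after the pull */
    return ok ? hdr[0] : -1;
}

/* Constructed input: 4 linear bytes plus 4 bytes still in the fragment. */
static int demo(size_t pull_len, int *moved)
{
    static const uint8_t first[4] = { 0x60, 0, 0, 0 }, rest[4] = { 0x3a, 0x40, 0xfe, 0x80 };
    struct pkt p = { malloc(sizeof(first)), sizeof(first), rest, sizeof(rest) };
    if (!p.head) return -1;
    memcpy(p.head, first, sizeof(first));
    int b = hdr_byte_after_pull(&p, 0, pull_len, moved);
    free(p.head);
    return b;
}
int main(void) { int moved = 0; return !(demo(8, &moved) == 0x60 && moved); }
```

Building the model with `-fsanitize=address` and dereferencing a pointer saved before `pkt_may_pull()` makes the sanitizer report the heap-use-after-free that the reload avoids.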