| commit | 41d33a5b803bd1c3ca84f5bfb9ab77d06ce09fca | |
| author | Sabrina Dubroca <sd@queasysnail.net> | |
| Wed, 19 Jul 2017 20:28:55 +0000 (19 22:28 +0200) | ||
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
| Fri, 11 Aug 2017 16:30:14 +0000 (11 09:30 -0700) | ||
| tree | 95aff5cd2a5195571bd9b90d792fc51f5c790bd7 | treesnapshot (tar.gz zip) |
| parent | e32f7a70ef5dbf7f14beca49ad829c4367c18ac4 | commitdiff |
ipv6: avoid overflow of offset in ip6_find_1stfragopt
[ Upstream commit 6399f1fae4ec29fab5ec76070435555e256ca3a6 ]
In some cases, offset can overflow and can cause an infinite loop in
ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and
cap it at IPV6_MAXPLEN, since packets larger than that should be invalid.
This problem has been here since before the beginning of git history.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 6399f1fae4ec29fab5ec76070435555e256ca3a6 ]
In some cases, offset can overflow and can cause an infinite loop in
ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and
cap it at IPV6_MAXPLEN, since packets larger than that should be invalid.
This problem has been here since before the beginning of git history.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| net/ipv6/output_core.c | diffblobblamehistory |