diff options
| author |   David S. Miller <davem@davemloft.net> | 2018-06-01 13:25:41 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-06-01 13:25:41 -0400 |
| commit | ccfde6e27d9566bee596d41a2cc6f158af8595d5 (patch) | |
| tree | afc718c79fd75ed746ea4796a045125d1aac4827 /net/ipv6 | |
| parent | net: dsa: b53: Add BCM5389 support (diff) | |
| parent | xfrm Fix potential error pointer dereference in xfrm_bundle_create. (diff) | |
| download | wireguard-linux-ccfde6e27d9566bee596d41a2cc6f158af8595d5.tar.xz wireguard-linux-ccfde6e27d9566bee596d41a2cc6f158af8595d5.zip | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
pull request (net): ipsec 2018-05-31
1) Avoid possible overflow of the offset variable
in _decode_session6(), this fixes an infinite
lookp there. From Eric Dumazet.
2) We may use an error pointer in the error path of
xfrm_bundle_create(). Fix this by returning this
pointer directly to the caller.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/xfrm6_policy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 416fe67271a9..86dba282a147 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c @@ -126,7 +126,7 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) struct flowi6 *fl6 = &fl->u.ip6; int onlyproto = 0; const struct ipv6hdr *hdr = ipv6_hdr(skb); - u16 offset = sizeof(*hdr); + u32 offset = sizeof(*hdr); struct ipv6_opt_hdr *exthdr; const unsigned char *nh = skb_network_header(skb); u16 nhoff = IP6CB(skb)->nhoff; |