Google Git
Sign in
gfiber / kernel / bruno / a2df29ed840f90e459a3f8ff029b216be3912731
commita2df29ed840f90e459a3f8ff029b216be3912731[log] [tgz]
authorEric Dumazet <edumazet@google.com>Wed Nov 02 19:00:40 2016 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Mon Nov 21 10:06:39 2016 +0100
tree13f8d0c97508fdbe82846d20501d2368ccb2467e
parentad6d0a82016bc1920725f23d5d86b7518dd5f999 [diff]
dccp: fix out of bound access in dccp_v4_err()

[ Upstream commit 6706a97fec963d6cb3f7fc2978ec1427b4651214 ]

dccp_v4_err() does not use pskb_may_pull() and might access garbage.

We only need 4 bytes at the beginning of the DCCP header, like TCP,
so the 8 bytes pulled in icmp_socket_deliver() are more than enough.

This patch might allow to process more ICMP messages, as some routers
are still limiting the size of reflected bytes to 28 (RFC 792), instead
of extended lengths (RFC 1812 4.3.2.3)

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 13f8d0c97508fdbe82846d20501d2368ccb2467e
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS