First patch fixes ip6_tnl_parse_tlv_enc_lim() callers, bug added in linux-3.7
Second patch fixes ip6_tnl_parse_tlv_enc_lim() itself, bug predates linux-2.6.12 Based on a report from Dmitry Vyukov, thanks to KASAN. Eric Dumazet (2): ip6_tunnel: must reload ipv6h in ip6ip6_tnl_xmit() ipv6: fix ip6_tnl_parse_tlv_enc_lim() net/ipv6/ip6_gre.c | 3 +++ net/ipv6/ip6_tunnel.c | 34 +++++++++++++++++++++++----------- 2 files changed, 26 insertions(+), 11 deletions(-) -- 2.11.0.483.g087da7b7c-goog
