On Fri, Sep 11, 2015 at 09:57:20AM +0200, Mathias Krause wrote: > From: Mathias Krause <[email protected]> > > Ensure there's enough data left prior calling pskb_may_pull(). If > skb->data was already advanced, we'll call pskb_may_pull() with a > negative value converted to unsigned int -- leading to a huge > positive value. That won't matter in practice as pskb_may_pull() > will likely fail in this case, but it leads to underflow reports on > kernels handling such kind of over-/underflows, e.g. a PaX enabled > kernel instrumented with the size_overflow plugin. > > Reported-by: satmd <[email protected]> > Reported-and-tested-by: Marcin Jurkowski <[email protected]> > Signed-off-by: Mathias Krause <[email protected]> > Cc: PaX Team <[email protected]>
Skipping upper layer informations due to a wrong length calculation, may also leed to incorrect policy lookups. Patch applied to the ipsec tree, thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
