On Fri, Dec 29, 2017 at 06:15:23PM -0600, Eric Biggers wrote:
> From: Eric Biggers
>
> If a message sent to a PF_KEY socket ended with an incomplete extension
> header (fewer than 4 bytes remaining), then parse_exthdrs() read past
> the end of the message, into uninitialized memory. Fix it by re
From: Eric Biggers
If a message sent to a PF_KEY socket ended with an incomplete extension
header (fewer than 4 bytes remaining), then parse_exthdrs() read past
the end of the message, into uninitialized memory. Fix it by returning
-EINVAL in this case.
Reproducer:
#include
#i
