On 05/21/2019 09:52 AM, Lorenz Bauer wrote:
> __bpf_skc_lookup takes a socket tuple and the length of the
> tuple as an argument. Based on the length, it decides which
> address family to pass to the helper function sk_lookup.
>
> In case of AF_INET6, it fails to verify that the length
> of the tu
__bpf_skc_lookup takes a socket tuple and the length of the
tuple as an argument. Based on the length, it decides which
address family to pass to the helper function sk_lookup.
In case of AF_INET6, it fails to verify that the length
of the tuple is long enough. sk_lookup may therefore access
data
