Re: [PATCH net] ipv6: fix out of bound writes in __ip6_append_data()

From: Eric Dumazet Date: Fri, 19 May 2017 14:17:48 -0700 > From: Eric Dumazet > > Andrey Konovalov and idaif...@gmail.com reported crashes caused by > one skb shared_info being overwritten from __ip6_append_data() > > Andrey program lead to following state : > > copy -4200 datalen 2000 fragle

[PATCH net] ipv6: fix out of bound writes in __ip6_append_data()

From: Eric Dumazet Andrey Konovalov and idaif...@gmail.com reported crashes caused by one skb shared_info being overwritten from __ip6_append_data() Andrey program lead to following state : copy -4200 datalen 2000 fraglen 2040 maxfraglen 2040 alloclen 2048 transhdrlen 0 offset 0 fraggap 6200