subject:"\[PATCH net\-next\] ipv6\: Prevent overrun when parsing v6 header options"

Re: [PATCH net-next] ipv6: Prevent overrun when parsing v6 header options

2017-05-17 Thread David Miller

From: Craig Gallek Date: Tue, 16 May 2017 14:36:23 -0400 > From: Craig Gallek > > The KASAN warning repoted below was discovered with a syzkaller > program. The reproducer is basically: > int s = socket(AF_INET6, SOCK_RAW, NEXTHDR_HOP); > send(s, &one_byte_of_data, 1, MSG_MORE); > send(s

[PATCH net-next] ipv6: Prevent overrun when parsing v6 header options

2017-05-16 Thread Craig Gallek

From: Craig Gallek The KASAN warning repoted below was discovered with a syzkaller program. The reproducer is basically: int s = socket(AF_INET6, SOCK_RAW, NEXTHDR_HOP); send(s, &one_byte_of_data, 1, MSG_MORE); send(s, &more_than_mtu_bytes_data, 2000, 0); The socket() call sets the nexthd