Re: [PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet

From: David Miller
Date: Tue Nov 29 2016 - 20:38:26 EST

Next message: Dmitry Torokhov: "Re: [PATCH 1/2] Input: drv2665: Fix misuse of regmap_update_bits"
Previous message: Rafael J. Wysocki: "[PATCH 0/3] MAINTAINERS updates for cpufreq and cpuidle"
In reply to: Arnaldo Carvalho de Melo: "Re: [PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Date: Mon, 28 Nov 2016 06:26:49 -0800

> From: Eric Dumazet <edumazet@xxxxxxxxxx>
>
> pskb_may_pull() can reallocate skb->head, we need to reload dh pointer
> in dccp_invalid_packet() or risk use after free.
>
> Bug found by Andrey Konovalov using syzkaller.
>
> Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> Reported-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>

Applied and queued up for -stable, thanks Eric.

Next message: Dmitry Torokhov: "Re: [PATCH 1/2] Input: drv2665: Fix misuse of regmap_update_bits"
Previous message: Rafael J. Wysocki: "[PATCH 0/3] MAINTAINERS updates for cpufreq and cpuidle"
In reply to: Arnaldo Carvalho de Melo: "Re: [PATCH net] net/dccp: fix use-after-free in dccp_invalid_packet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]