
Searched hist:"6 ab6bf731354a6fdbaa617d1ec194960db61cf3b" (Results 1 – 1 of 1) sorted by relevance

/openbmc/linux/net/ipv6/
ip6_output.c: 6ab6bf731354a6fdbaa617d1ec194960db61cf3b Tue Aug 20 11:08:58 CDT 2024 Eric Dumazet <edumazet@google.com> ipv6: fix possible UAF in ip6_finish_output2()

[ Upstream commit da273b377ae0d9bd255281ed3c2adb228321687b ]

If skb_expand_head() returns NULL, skb has been freed
and associated dst/idev could also have been freed.

We need to hold rcu_read_lock() to make sure the dst and
associated idev are alive.

Fixes: 5796015fa968 ("ipv6: allocate enough headroom in ip6_finish_output2()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Vasily Averin <vasily.averin@linux.dev>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20240820160859.3786976-3-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>