Commit eed7ba7b authored by Gavrilov Ilia's avatar Gavrilov Ilia Committed by sanglipeng
Browse files

ipv6: Fix out-of-bounds access in ipv6_find_tlv() 

stable inclusion
from stable-v5.10.181
commit e5f82688ae10f5f386952e65e941bb8868ee54dc
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8GJZJ

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e5f82688ae10f5f386952e65e941bb8868ee54dc



--------------------------------

commit 878ecb08 upstream.

optlen is fetched without checking whether there is more than one byte to parse.
It can lead to out-of-bounds access.

Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.

Fixes: c61a4043 ("[IPV6]: Find option offset by type.")
Signed-off-by: default avatarGavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarsanglipeng <sanglipeng1@jd.com>
parent 60fee1aa
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment