xfrm4: Fix uninitialized memory read in _decode_session4 (c3877029) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux

Commit c3877029 authored Feb 26, 2019 by

Steffen Klassert Committed by Ben Hutchings Aug 13, 2019

xfrm4: Fix uninitialized memory read in _decode_session4

commit 8742dc86 upstream.

We currently don't reload pointers pointing into skb header
after doing pskb_may_pull() in _decode_session4(). So in case
pskb_may_pull() changed the pointers, we read from random
memory. Fix this by putting all the needed infos on the
stack, so that we don't need to access the header pointers
after doing pskb_may_pull().

Fixes: 1da177e4

 ("Linux-2.6.12-rc2")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

parent 8e9ba7fb

Hide whitespace changes

Inline Side-by-side

Please register or to comment