Skip to content
Commit 878ecb08 authored by Gavrilov Ilia's avatar Gavrilov Ilia Committed by David S. Miller
Browse files

ipv6: Fix out-of-bounds access in ipv6_find_tlv() 



optlen is fetched without checking whether there is more than one byte to parse.
It can lead to out-of-bounds access.

Found by InfoTeCS on behalf of Linux Verification Center
(linuxtesting.org) with SVACE.

Fixes: c61a4043 ("[IPV6]: Find option offset by type.")
Signed-off-by: default avatarGavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ba46c96d
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment