Google Git
Sign in
kernel / pub / scm / linux / kernel / git / khilman / linux / 6399f1fae4ec29fab5ec76070435555e256ca3a6
commit6399f1fae4ec29fab5ec76070435555e256ca3a6[log] [tgz]
authorSabrina Dubroca <sd@queasysnail.net>Wed Jul 19 22:28:55 2017 +0200
committerDavid S. Miller <davem@davemloft.net>Wed Jul 19 22:50:14 2017 -0700
tree3bf30f18bbd1c9eb4b37786cba7fe73e70ea014b
parent1e6c22aef28364dcc5f03c04a05ec463bc2b3431 [diff]
ipv6: avoid overflow of offset in ip6_find_1stfragopt

In some cases, offset can overflow and can cause an infinite loop in
ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and
cap it at IPV6_MAXPLEN, since packets larger than that should be invalid.

This problem has been here since before the beginning of git history.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: 3bf30f18bbd1c9eb4b37786cba7fe73e70ea014b
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README