Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/net/ipv6/netfilter
History
Florian Westphal 283a8c8491 netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt 
commit b078556aecd791b0e5cb3a59f4c3a14273b52121 upstream.

l4proto->manip_pkt() can cause reallocation of skb head so pointer
to the ipv6 header must be reloaded.

Change-Id: Ib9d20d8a0c62e880ed2adc6ee666654c47ceb7f9
Reported-and-tested-by: <syzbot+10005f4292fc9cc89de7@syzkaller.appspotmail.com>
Fixes: 58a317f106 ("netfilter: ipv6: add IPv6 NAT support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 		2019-07-27 22:08:32 +02:00
..
Kconfig Revert "netfilter: have ip*t REJECT set the sock err when an icmp is to be sent" 2019-07-27 21:51:03 +02:00
Makefile
ip6_tables.c netfilter: x_tables: introduce and use xt_copy_counters_from_user 2019-07-27 21:41:45 +02:00
ip6t_MASQUERADE.c
ip6t_NPT.c
ip6t_REJECT.c Revert "netfilter: have ip*t REJECT set the sock err when an icmp is to be sent" 2019-07-27 21:51:03 +02:00
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c
ip6t_mh.c
ip6t_rpfilter.c
ip6t_rt.c
ip6table_filter.c
ip6table_mangle.c
ip6table_nat.c
ip6table_raw.c
ip6table_security.c
nf_conntrack_l3proto_ipv6.c netfilter: on sockopt() acquire sock lock only in the required scope 2019-07-27 21:49:18 +02:00
nf_conntrack_proto_icmpv6.c
nf_conntrack_reasm.c netfilter: ipv6: nf_defrag: reduce struct net memory waste 2019-07-27 21:52:53 +02:00
nf_defrag_ipv6_hooks.c
nf_nat_l3proto_ipv6.c netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt 2019-07-27 22:08:32 +02:00
nf_nat_proto_icmpv6.c