From: Eric Dumazet <edumazet@google.com>
Date: Thu, 3 Nov 2016 03:30:48 +0000 (-0700)
Subject: ipv6: dccp: fix out of bound access in dccp_v6_err()
X-Git-Tag: v3.2.87~31
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ca7e66fcce02459fa6961979f9fe30ae1098cf0;p=pandora-kernel.git

ipv6: dccp: fix out of bound access in dccp_v6_err()

[ Upstream commit 1aa9d1a0e7eefcc61696e147d123453fc0016005 ]

dccp_v6_err() does not use pskb_may_pull() and might access garbage.

We only need 4 bytes at the beginning of the DCCP header, like TCP,
so the 8 bytes pulled in icmpv6_notify() are more than enough.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 3.2: use offsetof() + sizeof() instead of
 offsetofend()]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---

Reading git-diff-tree failed