From: Sabrina Dubroca <sd@queasysnail.net>
Date: Wed, 19 Jul 2017 20:28:55 +0000 (+0200)
Subject: ipv6: avoid overflow of offset in ip6_find_1stfragopt
X-Git-Tag: v3.2.92~4
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5a5d1b1cb8449c77d3cb1663649391635228cff;p=pandora-kernel.git

ipv6: avoid overflow of offset in ip6_find_1stfragopt

commit 6399f1fae4ec29fab5ec76070435555e256ca3a6 upstream.

In some cases, offset can overflow and can cause an infinite loop in
ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and
cap it at IPV6_MAXPLEN, since packets larger than that should be invalid.

This problem has been here since before the beginning of git history.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 3.2: adjust filename, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---

Reading git-diff-tree failed