git.openpandora.org / pandora-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b800532) | patch
net: ipv4: fix for a race condition in raw_sendmsg
authorMohamed Ghannam <simo.ghannam@gmail.com>
Sun, 10 Dec 2017 03:50:58 +0000 (03:50 +0000)
committerBen Hutchings <ben@decadent.org.uk>
Sat, 3 Mar 2018 15:50:46 +0000 (15:50 +0000)
commit8eec37d0e9039d5fbfc400324a06793b21ff24cd
tree7226ad51acdb97a5ed5e4ed62269c70963f6bfb0tree | snapshot
parentb800532602c7249778ea2af0c4bcbb583eaeb705commit | diff
net: ipv4: fix for a race condition in raw_sendmsg

commit 8f659a03a0ba9289b9aeb9b4470e6fb263d6f483 upstream.

inet->hdrincl is racy, and could lead to uninitialized stack pointer
usage, so its value should be read only once.

Fixes: c008ba5bdc9f ("ipv4: Avoid reading user iov twice after raw_probe_proto_opt")
Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 3.2:
 - flowi4 flags don't depend on hdrincl
 - Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
net/ipv4/raw.c diff | blob | history
Pandora Kernel Repository