summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorSabrina Dubroca <sd@queasysnail.net>2017-07-19 22:28:55 +0200
committerDavid S. Miller <davem@davemloft.net>2017-07-19 22:50:14 -0700
commit6399f1fae4ec29fab5ec76070435555e256ca3a6 (patch)
tree3bf30f18bbd1c9eb4b37786cba7fe73e70ea014b /kernel
parent1e6c22aef28364dcc5f03c04a05ec463bc2b3431 (diff)
downloadlinux-stable-6399f1fae4ec29fab5ec76070435555e256ca3a6.tar.gz
linux-stable-6399f1fae4ec29fab5ec76070435555e256ca3a6.tar.bz2
linux-stable-6399f1fae4ec29fab5ec76070435555e256ca3a6.zip
ipv6: avoid overflow of offset in ip6_find_1stfragopt
In some cases, offset can overflow and can cause an infinite loop in ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and cap it at IPV6_MAXPLEN, since packets larger than that should be invalid. This problem has been here since before the beginning of git history. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel')
0 files changed, 0 insertions, 0 deletions