From: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Date: Mon, 28 Nov 2016 06:26:49 -0800

> From: Eric Dumazet <edumazet@xxxxxxxxxx>
>
> pskb_may_pull() can reallocate skb->head, we need to reload dh pointer
> in dccp_invalid_packet() or risk use after free.
>
> Bug found by Andrey Konovalov using syzkaller.
>
> Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
> Reported-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>

Applied and queued up for -stable, thanks Eric.
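The reload pattern the commit message describes, as an added userspace example (not the kernel patch and not code from this thread). `struct pkt`, `pkt_may_pull()`, `pkt_invalid()`, `check_wire()`, the sample bytes and the type limit are hypothetical stand-ins for the skb, `pskb_may_pull()` and `dccp_invalid_packet()`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical userspace model of an skb: only `linear` bytes sit in head. */
struct pkt {
    uint8_t *head;                 /* linear area; pkt_may_pull() may move it */
    size_t linear;                 /* bytes currently reachable through head */
    const uint8_t *rest;           /* remainder of the packet, not yet linear */
    size_t rest_len;
};
struct hdr { uint8_t doff, type; };  /* doff: header length in 32-bit words */

/* Model of pskb_may_pull(): make `len` bytes linear. Growing always moves
 * head to a new allocation and frees the old one, so stale pointers dangle. */
static int pkt_may_pull(struct pkt *p, size_t len)
{
    size_t need = len - p->linear;  /* only used when len > p->linear */
    uint8_t *n;
    if (len <= p->linear) return 1;
    if (need > p->rest_len || !(n = malloc(len))) return 0;
    memcpy(n, p->head, p->linear);
    memcpy(n + p->linear, p->rest, need);
    free(p->head);
    p->head = n; p->linear = len;
    p->rest += need; p->rest_len -= need;
    return 1;
}

/* Returns 1 for an invalid packet. The type limit is a constructed rule. */
static int pkt_invalid(struct pkt *p)
{
    const struct hdr *h;
    if (!pkt_may_pull(p, sizeof(*h))) return 1;
    h = (const struct hdr *)p->head;
    if ((size_t)h->doff * 4 < sizeof(*h)) return 1;
    if (!pkt_may_pull(p, (size_t)h->doff * 4)) return 1;
    h = (const struct hdr *)p->head;  /* reload: the pull may have freed the old head */
    return h->type > 9;
}
/* Constructed samples: doff=2 with 8 bytes present; doff=4 with only 8 bytes. */
static const uint8_t sample_ok[8] = { 2, 3 }, sample_short[8] = { 4, 3 };
/* Builds a packet with `linear` (<= total) bytes in head and validates it. */
static int check_wire(const uint8_t *wire, size_t total, size_t linear)
{
    struct pkt p = { malloc(linear), linear, wire + linear, total - linear };
    int bad = 1;
    if (p.head) { memcpy(p.head, wire, linear); bad = pkt_invalid(&p); }
    free(p.head);
    return bad;
}
int main(void) { return check_wire(sample_ok, sizeof sample_ok, 1); }
```

Building with `-fsanitize=address` and deleting the reload line makes the final `h->type` read report a heap use-after-free whenever the second pull had to grow the buffer.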