Hi,
In the bridge driver we have a couple of places which call pskb_may_pull
but we've cached skb pointers before that and use them after which can
lead to out-of-bounds/stale pointer use. I've had these in my "to fix"
list for some time and now we got a report (patch 01) so here they are.
Patches 02-04 are fixes based on code inspection. Also patch 01 was
tested by Martin Weinelt, Martin if you don't mind please add your
tested-by tag to it by replying with Tested-by: name <email>.
I've also briefly tested the set by trying to exercise those code paths.
Thanks,
Nik
Nikolay Aleksandrov (4):
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report
handling
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: don't cache ether dest pointer on input
net: bridge: stp: don't cache eth dest pointer before skb pull
net/bridge/br_input.c | 8 +++-----
net/bridge/br_multicast.c | 23 +++++++++++++----------
net/bridge/br_stp_bpdu.c | 3 +--
3 files changed, 17 insertions(+), 17 deletions(-)
--
2.21.0
