2017-04-25, 19:08:18 +0200, Jason A. Donenfeld wrote:
> We call skb_cow_data, which is good anyway to ensure we can actually
> modify the skb as such (another error from prior). Now that we have the
> number of fragments required, we can safely allocate exactly that amount
> of memory.
>
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>
> Cc: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>
> Cc: security@xxxxxxxxxx
> Cc: stable@xxxxxxxxxxxxxxx

Acked-by: Sabrina Dubroca <sd@xxxxxxxxxxxxxxx>

Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver")
Fixes: CVE-2017-7477

David, this fix is essentially equivalent to my patch "macsec: avoid
heap overflow in skb_to_sgvec on receive". Feel free to pick my patch
if you prefer (it's smaller), but this looks ok to me.

Thanks,

--
Sabrina