This is a backport of upstream changes to fix the FragmentSmack (CVE- 2018-5391) vulnerability. Peter Oskolkov checked an earlier version of this backport, but I have since rebased and added another 3 commits to it. I tested with the ip_defrag.sh self-test that he added upstream, and it passed. I have included the fix that is currently queued for the 4.9, 4.14 and 4.19 branches. Ben. -- Ben Hutchings, Software Developer Codethink Ltd https://www.codethink.co.uk/ Dale House, 35 Dale Street Manchester, M1 2HF, United Kingdom
Attachment:
security-4.4-fragmentsmack.mbox
Description: application/mbox