git.ipfire.org Git - thirdparty/kernel/linux.git/commit
ipv6: fix potential UAF caused by ip6_forward_proxy_check()
author Eric Dumazet <edumazet@google.com>
Tue, 5 May 2026 13:00:56 +0000 (13:00 +0000)
committer Jakub Kicinski <kuba@kernel.org>
Thu, 7 May 2026 00:29:23 +0000 (17:29 -0700)
commit 7aaa8f5e45a92678256c1e17f1fa2c2f45c61dd1
tree a32967d41a88fefdc7f1694b3d5ed4b6f636dbc5
parent 0e1368a28dd5231ae0dbe240dfe0ff2657de5647
ipv6: fix potential UAF caused by ip6_forward_proxy_check()

ip6_forward_proxy_check() calls pskb_may_pull() which might re-allocate
skb->head.

Reload ipv6_hdr() after the pskb_may_pull() call to avoid using
the freed memory.

Fixes: e21e0b5f19ac ("[IPV6] NDISC: Handle NDP messages to proxied addresses.")
Reported-by: Damiano Melotti <melotti@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Link: https://patch.msgid.link/20260505130056.2927197-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/ipv6/ip6_output.c
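
The reload pattern the commit message describes, as an added userspace model; it is not code from this commit or from the kernel. `struct pkt`, `pkt_hdr()`, `pkt_may_pull()` and `hop_limit_after_pull()` are hypothetical stand-ins for the skb, `ipv6_hdr()` and `pskb_may_pull()`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HOP_LIMIT_OFF 7   /* hop limit byte in the IPv6 fixed header */

/* Constructed userspace stand-in for an skb (assumption, not kernel code). */
struct pkt {
    uint8_t *head;        /* linear area, plays the role of skb->head */
    size_t linear;        /* bytes currently in the linear area */
    const uint8_t *frag;  /* bytes not yet pulled into the linear area */
    size_t frag_len;
};

/* Plays the role of ipv6_hdr(): always derived from the current head. */
static uint8_t *pkt_hdr(struct pkt *p) { return p->head; }

/* Plays the role of pskb_may_pull(): make `len` bytes linear. When it has to
 * grow, it copies the data to a new allocation and frees the old head. */
static int pkt_may_pull(struct pkt *p, size_t len)
{
    if (len <= p->linear) return 1;
    if (len - p->linear > p->frag_len) return 0;
    uint8_t *n = malloc(len);
    if (!n) return 0;
    memcpy(n, p->head, p->linear);
    memcpy(n + p->linear, p->frag, len - p->linear);
    free(p->head);        /* any pointer into the old head now dangles */
    p->frag += len - p->linear;
    p->frag_len -= len - p->linear;
    p->head = n;
    p->linear = len;
    return 1;
}

/* Fixed pattern: reload the header pointer after the pull, then read through
 * it. Returns the hop limit, or -1 if the pull fails. *moved reports whether
 * a header pointer taken before the pull would have been stale. */
int hop_limit_after_pull(struct pkt *p, size_t need, int *moved)
{
    uintptr_t cached = (uintptr_t)pkt_hdr(p);  /* address a pre-pull pointer holds */
    if (!pkt_may_pull(p, need)) return -1;
    uint8_t *hdr = pkt_hdr(p);                 /* reload after the pull */
    *moved = (uintptr_t)hdr != cached;
    return hdr[HOP_LIMIT_OFF];
}
```

The old address is kept only as an integer for comparison, so the model never dereferences freed memory.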