git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Eric Dumazet <edumazet@google.com>
	Tue, 10 Mar 2015 13:27:10 +0000 (14:27 +0100)
committer	Jiri Slaby <jslaby@suse.cz>
	Tue, 10 Mar 2015 16:21:38 +0000 (17:21 +0100)
commit	7baf34ccb79c727f55b41cc4e5f2bdb40dcf5010
tree	08fbd92d291d5c9927868ea5464456b4165e5899	tree
parent	c34a4c75777ab9354db9c2d2eb234ce87e45f0bf	commit \| diff

netfilter: xt_socket: fix a stack corruption bug

[ upstream commit 78296c97ca1fd3b104f12e1f1fbc06c46635990b ]

As soon as extract_icmp6_fields() returns, its local storage (automatic
variables) is deallocated and can be overwritten.

Lets add an additional parameter to make sure storage is valid long
enough.

While we are at it, adds some const qualifiers.

Cc: <stable@vger.kernel.org> # 3.12.x
Cc: <stable@vger.kernel.org> # 3.14.x
Cc: <stable@vger.kernel.org> # 3.18.x
Cc: <stable@vger.kernel.org> # 3.19.x
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: b64c9256a9b76 ("tproxy: added IPv6 support to the socket match")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>