2017-04-25, 19:08:18 +0200, Jason A. Donenfeld wrote: > We call skb_cow_data, which is good anyway to ensure we can actually > modify the skb as such (another error from prior). Now that we have the > number of fragments required, we can safely allocate exactly that amount > of memory. > > Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com> > Cc: Sabrina Dubroca <s...@queasysnail.net> > Cc: secur...@kernel.org > Cc: sta...@vger.kernel.org
Acked-by: Sabrina Dubroca <s...@queasysnail.net> Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Fixes: CVE-2017-7477 David, this fix is essentially equivalent to my patch "macsec: avoid heap overflow in skb_to_sgvec on receive". Feel free to pick my patch if you prefer (it's smaller), but this looks ok to me. Thanks, -- Sabrina