subject:"\[PATCH net\] vlan\: Fix reading memory beyond skb\->tail in skb_vlan_tagged_multi"

Re: [PATCH net] vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi

2018-04-17 Thread David Miller

From: Toshiaki Makita Date: Tue, 17 Apr 2018 18:46:14 +0900 > Syzkaller spotted an old bug which leads to reading skb beyond tail by 4 > bytes on vlan tagged packets. > This is caused because skb_vlan_tagged_multi() did not check > skb_headlen. ... > Fixes:

[PATCH net] vlan: Fix reading memory beyond skb->tail in skb_vlan_tagged_multi

2018-04-17 Thread Toshiaki Makita

Syzkaller spotted an old bug which leads to reading skb beyond tail by 4 bytes on vlan tagged packets. This is caused because skb_vlan_tagged_multi() did not check skb_headlen. BUG: KMSAN: uninit-value in eth_type_vlan include/linux/if_vlan.h:283 [inline] BUG: KMSAN: uninit-value in