3.2-stable review patch. If anyone has any objections, please let me know.
------------------ From: Eric Dumazet <[email protected]> [ Upstream commit 4ec7ac1203bcf21f5e3d977c9818b1a56c9ef40d ] Commit bc416d9768 (macvlan: handle fragmented multicast frames) added a possible use after free in macvlan_handle_frame(), since ip_check_defrag() uses pskb_may_pull() : skb header can be reallocated. Signed-off-by: Eric Dumazet <[email protected]> Cc: Ben Greear <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- drivers/net/macvlan.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c @@ -172,6 +172,7 @@ static rx_handler_result_t macvlan_handl skb = ip_check_defrag(skb, IP_DEFRAG_MACVLAN); if (!skb) return RX_HANDLER_CONSUMED; + eth = eth_hdr(skb); src = macvlan_hash_lookup(port, eth->h_source); if (!src) /* frame comes from an external address */ -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
