diff options
author | Xin Long <lucien.xin@gmail.com> | 2023-03-08 00:31:28 +0300 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-03-08 16:25:39 +0300 |
commit | a7f1a2f43e683c8ffca691d45f2cb32c052158fa (patch) | |
tree | f570b8a9651b8b56a17c8e1ad2cf0a15f703efb7 /lib/uuid.c | |
parent | 9ccff83b1322f95da7a74784cf6f47a481e03dc5 (diff) | |
download | linux-a7f1a2f43e683c8ffca691d45f2cb32c052158fa.tar.xz |
netfilter: bridge: check len before accessing more nh data
In the while loop of br_nf_check_hbh_len(), similar to ip6_parse_tlv(),
before accessing 'nh[off + 1]', it should add a check 'len < 2'; and
before parsing IPV6_TLV_JUMBO, it should add a check 'optlen > len',
in case of overflows.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Reviewed-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'lib/uuid.c')
0 files changed, 0 insertions, 0 deletions