linux

History

Eric Dumazet 648f0c28df net/dccp: fix use-after-free in dccp_invalid_packet pskb_may_pull() can reallocate skb->head, we need to reload dh pointer in dccp_invalid_packet() or risk use after free. Bug found by Andrey Konovalov using syzkaller. Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2016-11-29 20:37:26 -05:00
..
ccids
ackvec.c
ackvec.h
ccid.c
ccid.h
dccp.h	net: snmp: kill STATS_BH macros	2016-04-27 22:48:25 -04:00
diag.c
feat.c
feat.h
input.c	dccp: do not assume DCCP code is non preemptible	2016-05-02 17:02:25 -04:00
ipv4.c	net/dccp: fix use-after-free in dccp_invalid_packet	2016-11-29 20:37:26 -05:00
ipv6.c	ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped	2016-11-03 16:50:27 -04:00
ipv6.h
Kconfig
Makefile
minisocks.c	dccp: rename DCCP_INC_STATS_BH()	2016-04-27 22:48:22 -04:00
options.c	dccp: do not assume DCCP code is non preemptible	2016-05-02 17:02:25 -04:00
output.c
probe.c
proto.c	dccp: do not send reset to already closed sockets	2016-11-03 16:16:51 -04:00
qpolicy.c
sysctl.c
timer.c	net: rename NET_{ADD\|INC}_STATS_BH()	2016-04-27 22:48:24 -04:00