21b995a9cb093fff33ec91d7cb3822b882a90a1e - kernel/msm-4.19

commit	21b995a9cb093fff33ec91d7cb3822b882a90a1e	[log] [tgz]
author	Eric Dumazet <edumazet@google.com>	Mon Jan 23 16:43:05 2017 -0800
committer	David S. Miller <davem@davemloft.net>	Tue Jan 24 14:53:24 2017 -0500
tree	e7f434a5d9961bd65a461dffe8c7a010dd74ecca
parent	d0fa28f00052391b5df328f502fbbdd4444938b7 [diff]

ip6_tunnel: must reload ipv6h in ip6ip6_tnl_xmit()

Since ip6_tnl_parse_tlv_enc_lim() can call pskb_may_pull(),
we must reload any pointer that was related to skb->head
(or skb->data), or risk use after free.

Fixes: c12b395a4664 ("gre: Support GRE over IPv6")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Dmitry Kozlov <xeb@mail.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/ipv6/ip6_gre.c[diff]
net/ipv6/ip6_tunnel.c[diff]

2 files changed

tree: e7f434a5d9961bd65a461dffe8c7a010dd74ecca