net: ipv4: fix for a race condition in raw_sendmsg

commit 8f659a03a0ba9289b9aeb9b4470e6fb263d6f483 upstream.

inet->hdrincl is racy, and could lead to uninitialized stack pointer
usage, so its value should be read only once.

Fixes: c008ba5bdc9f ("ipv4: Avoid reading user iov twice after raw_probe_proto_opt")
Signed-off-by: Mohamed Ghannam <simo.ghannam@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 3.2:
- flowi4 flags don't depend on hdrincl
- Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
CVE-2017-17712
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
Change-Id: I0b221046791a39b44ed2b005d02df9ec2d938534
1 file changed
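
The double-read pattern the commit message describes, as an added example that is not the kernel patch and not code from this commit: a small user-space model in which a flag is re-read after a concurrent writer has changed it, next to the read-once form. All names (`sock_model`, `frag_vec`, `racing_writer`, the `outcome` values) are hypothetical, and the model assumes the affected stack object is initialized only on the non-hdrincl path.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, NOT kernel code. sk->hdrincl stands in for inet->hdrincl,
 * a flag another thread may change while the send path is running. */
struct sock_model { volatile int hdrincl; };
struct frag_vec { const char *data; bool ready; };
enum outcome { SENT_USER_HDR, SENT_WITH_FRAG, USED_UNINIT_FRAG };

/* Hypothetical hook: a concurrent writer that runs between two reads. */
static void racing_writer(struct sock_model *sk) { sk->hdrincl = !sk->hdrincl; }

/* Before: the flag is re-read at each decision point. */
enum outcome send_double_read(struct sock_model *sk, bool race)
{
    /* Assumption: this stack object is set up only on the !hdrincl path.
     * 'ready' makes visible what would be uninitialized stack memory. */
    struct frag_vec rfv = { NULL, false };

    if (!sk->hdrincl) { rfv.data = "payload"; rfv.ready = true; }  /* read #1 */
    if (race) racing_writer(sk);
    if (sk->hdrincl) return SENT_USER_HDR;                          /* read #2 */
    return rfv.ready ? SENT_WITH_FRAG : USED_UNINIT_FRAG;
}

/* After: one snapshot of the flag drives every later decision. */
enum outcome send_single_read(struct sock_model *sk, bool race)
{
    struct frag_vec rfv = { NULL, false };
    int hdrincl = sk->hdrincl;                                      /* only read */

    if (!hdrincl) { rfv.data = "payload"; rfv.ready = true; }
    if (race) racing_writer(sk);
    if (hdrincl) return SENT_USER_HDR;
    return rfv.ready ? SENT_WITH_FRAG : USED_UNINIT_FRAG;
}

int main(void)
{
    struct sock_model a = { 1 }, b = { 1 };
    printf("double read: %d\n", send_double_read(&a, true));
    printf("single read: %d\n", send_single_read(&b, true));
    return 0;
}
```

In real concurrent code the snapshot itself also has to be a single load the compiler cannot split or repeat; the model only shows the control-flow consequence.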