voidanix
/
android_kernel_lge_bullhead
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
android_kernel_lge_bullhead/net/ieee802154
History
Daniel Borkmann 3ac993d473 net: 6lowpan: fix lowpan_header_create non-compression memcpy call 
commit 965801e1eb624154fe5e9dc5d2ff0b7f1951a11c upstream.

In function lowpan_header_create(), we invoke the following code
construct:

  struct ipv6hdr *hdr;
  ...
  hdr = ipv6_hdr(skb);
  ...
  if (...)
    memcpy(hc06_ptr + 1, &hdr->flow_lbl[1], 2);
  else
    memcpy(hc06_ptr, &hdr, 4);

Where the else path of the condition, that is, non-compression
path, calls memcpy() with a pointer to struct ipv6hdr *hdr as
source, thus two levels of indirection. This cannot be correct,
and likely only one level of pointer was intended as source
buffer for memcpy() here.

Fixes: 44331fe2aa ("IEEE802.15.4: 6LoWPAN basic support")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Alexander Smirnov <alex.bluesman.smirnov@gmail.com>
Cc: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Cc: Werner Almesberger <werner@almesberger.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
 		2017-06-08 00:47:00 +02:00
..
6lowpan.c net: 6lowpan: fix lowpan_header_create non-compression memcpy call 2017-06-08 00:47:00 +02:00
6lowpan.h 6lowpan: lowpan_is_iid_16_bit_compressable() does not detect compressible address correctly 2013-03-26 12:37:55 -04:00
Kconfig net/ieee802154: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:40:00 -08:00
Makefile IEEE802.15.4: 6LoWPAN basic support 2011-08-24 19:36:06 -07:00
af802154.h net: add IEEE 802.15.4 socket family implementation 2009-06-09 05:25:32 -07:00
af_ieee802154.c ieee802154: free skb buffer if dev isn't running 2011-06-30 16:18:09 +04:00
dgram.c inet: prevent leakage of uninitialized memory to user in recv syscalls 2013-12-08 07:29:25 -08:00
ieee802154.h ieee802154: add two nl802154 helpers 2009-11-06 14:32:21 +03:00
netlink.c netlink: fix the warning introduced by netlink API replacement 2013-03-29 14:44:37 -04:00
nl-mac.c ieee802154/nl-mac.c: make some MLME operations optional 2013-04-08 12:00:16 -04:00
nl-phy.c ieee802154: Fix memory leak in ieee802154_add_iface() 2014-02-06 11:08:16 -08:00
nl_policy.c ieee802154: add LIST_PHY command support 2009-11-06 14:31:22 +03:00
raw.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
wpan-class.c driver-core: constify data for class_find_device() 2013-02-06 12:18:56 -08:00