On Sun, May 13, 2018 at 08:23:49PM -0400, David Miller wrote: > From: Eric Dumazet <[email protected]> > Date: Sat, 12 May 2018 02:49:30 -0700 > > > syzbot found a way to trigger an infinitie loop by overflowing > > @offset variable that has been forced to use u16 for some very > > obscure reason in the past. > > > > We probably want to look at NEXTHDR_FRAGMENT handling which looks > > wrong, in a separate patch. > > > > In net-next, we shall try to use skb_header_pointer() instead of > > pskb_may_pull(). > ... > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > > Signed-off-by: Eric Dumazet <[email protected]> > > Cc: Steffen Klassert <[email protected]> > > Cc: Nicolas Dichtel <[email protected]> > > Reported-by: [email protected] > > Steffen, I am assuming you will pick this up.
Yes, now applied to the ipsec tree. Thanks a lot Eric!
