[PATCH 3.16 123/294] ipv6: reset fn->rr_ptr when replacing route

2017-11-06 Thread Ben Hutchings
3.16.50-rc1 review patch. If anyone has any objections, please let me know.

--

From: Wei Wang

commit 383143f31d7d3525a1dbff733d52fff917f82f15 upstream.

syzcaller reported the following use-after-free issue in rt6_select(): BUG: KASAN: use-after-free in rt6_select