Bug#782561: please backport commit ccfe8c3f7e52 from upstream
On Mon, Apr 20, 2015 at 03:26:48PM +0800, Herbert Xu wrote:
> OK I have reviewed this and indeed it does appear that the bug
> can be triggered. The trick appears to be making sure that your
> input packet is fragmented. That should then activate the kmalloc
> path and lead to the memory corruption.
Yes, that matches my testcase; the traffic I mentioned involves DNS
replies that are larger than the MTU and are sent as IP fragments.
--
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/