
Bug#782561: please backport commit ccfe8c3f7e52 from upstream



On Mon, Apr 20, 2015 at 03:26:48PM +0800, Herbert Xu wrote:
> OK I have reviewed this and indeed it does appear that the bug
> can be triggered.  The trick appears to be making sure that your
> input packet is fragmented.  That should then activate the kmalloc
> path and lead to the memory corruption.

Yes, that matches my testcase: the traffic I mentioned involves DNS
replies that are larger than the MTU and are sent as IP fragments.

-- 
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/

