Skip to content

Commit

Permalink
net: initialize skb->peeked when cloning
Browse files Browse the repository at this point in the history 
syzbot reported __skb_try_recv_from_queue() was using skb->peeked
while it was potentially unitialized.

We need to clear it in __skb_clone()

Fixes: 1da177e ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
@davem330
Eric Dumazet authored and davem330 committed Apr 8, 2018
1 parent b1993a2 commit b13dda9
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/core/skbuff.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -857,6 +857,7 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
n->cloned = 1;
n->nohdr = 0;
n->peeked = 0;
n->destructor = NULL;
C(tail);
C(end);
Expand Down

0 comments on commit b13dda9

Please sign in to comment.