Kernel memory corruption in CIPSO labeled TCP packets processing.
paul at paul-moore.com
Mon Feb 11 20:37:25 UTC 2019
On Thu, Jan 31, 2019 at 8:20 AM Nazarov Sergey <s-nazarov at yandex.ru> wrote:
> 31.01.2019, 05:10, "Paul Moore" <paul at paul-moore.com>:
> > This isn't how the rest of the stack works, look at
> > ip_local_deliver_finish() for one example. Perhaps the behavior you
> > are proposing is correct, but please show me where in the various RFC
> > specs it is defined so that I can better understand why it should work
> > this way.
> > --
> > paul moore
> > www.paul-moore.com
> Sorry, I was inattentive. ip_options_compile modifies srr option data, only if
> skb is NULL. My last message could be ignored.
Do you plan on submitting these patches as a proper patchset for
review and merging?
More information about the Linux-security-module-archive