Kernel memory corruption in CIPSO labeled TCP packets processing.

Nazarov Sergey s-nazarov at yandex.ru
Tue Jan 29 07:23:29 UTC 2019


29.01.2019, 01:18, "Paul Moore" <paul at paul-moore.com>:
> If we don't pass a skb into ip_options_compile(), meaning both "skb"
> and "rt" will be NULL, then I don't believe the option data will
> change. Am I missing something?
>
> --
> paul moore
> www.paul-moore.com

I mean, in cipso_v4_error we copy the option data from the skb before the ip_options_compile call:
+       memcpy(opt->__data, (unsigned char *)&(ip_hdr(skb)[1]), opt->optlen);
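Review bot: the copy length on this memcpy is opt->optlen, and nothing in the quoted line shows it being bounded. Before copying, confirm that opt->optlen is derived from the IP header length of this skb and cannot exceed either the space allocated for opt->__data or the option bytes actually present after ip_hdr(skb)[0].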
But the skb IP header data could already have been changed by the first call of ip_options_compile
when the packet was received.