Tree - kernel/kernel-source - Pagure for openSUSE

kernel / kernel-source

Source
Stats

Files

Commit: a07f7ac44cacae01a70ddaee4b6440c9e8a59054

Blob Blame History Raw

From: Dan Carpenter <dan.carpenter@oracle.com>
Date: Mon, 6 Aug 2018 22:17:35 +0300
Subject: ipv4: frags: precedence bug in ip_expire()
Patch-mainline: v4.19-rc1
Git-commit: 70837ffe3085c9a91488b52ca13ac84424da1042
References: CVE-2018-5391 bsc#1103097

We accidentally removed the parentheses here, but they are required
because '!' has higher precedence than '&'.

Fixes: fa0f527358bd ("ip: use rb trees for IP frag queue.")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Michal Kubecek <mkubecek@suse.cz>

---
 net/ipv4/ip_fragment.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -152,7 +152,7 @@ static void ip_expire(unsigned long arg)
 	__IP_INC_STATS(net, IPSTATS_MIB_REASMFAILS);
 	__IP_INC_STATS(net, IPSTATS_MIB_REASMTIMEOUT);

-	if (!qp->q.flags & INET_FRAG_FIRST_IN)
+	if (!(qp->q.flags & INET_FRAG_FIRST_IN))
 		goto out;

 	/* sk_buff::dev and sk_buff::rbnode are unionized. So we

kernel / kernel-source

Source Code

Files