net: initialize skb->peeked when cloning

BugLink: http://bugs.launchpad.net/bugs/1774173 commit b13dda9f upstream. syzbot reported __skb_try_recv_from_queue() was using skb->peeked while it was potentially unitialized. We need to clear it in __skb_clone() Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Juerg Haefliger <juergh@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

net: initialize skb->peeked when cloning
BugLink: http://bugs.launchpad.net/bugs/1774173 commit b13dda9f upstream. syzbot reported __skb_try_recv_from_queue() was using skb->peeked while it was potentially unitialized. We need to clear it in __skb_clone() Fixes: 1da177e4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Juerg Haefliger <juergh@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
2c52c1ed · Eric Dumazet · Stefan Bader · 2cfbe3b9 · 2c52c1ed
Commit 2c52c1ed authored Apr 07, 2018 by Eric Dumazet Committed by Stefan Bader Jun 07, 2018
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

net/core/skbuff.c net/core/skbuff.c +1 -0

No files found.
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -898,6 +898,7 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
 	n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
 	n->cloned = 1;
 	n->nohdr = 0;
+	n->peeked = 0;
 	n->destructor = NULL;
 	C(tail);
 	C(end);