Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ipv4: fix ip header ident selection in __ip_make_skb()

Christian Casteyde reported a kmemcheck 32-bit read from uninitialized
memory in __ip_select_ident().

It turns out that __ip_make_skb() called ip_select_ident() before
properly initializing iph->daddr.

This is a bug uncovered by commit 1d861aa4b3fb (inet: Minimize use of
cached route inetpeer.)

Addresses https://bugzilla.kernel.org/show_bug.cgi?id=46131

Reported-by: Christian Casteyde <casteyde.christian@free.fr>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

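The commit message explains the bug as an ordering problem: ip_select_ident() keys its per-destination identifier choice on iph->daddr, and __ip_make_skb() called it before ip_copy_addrs() had written that field. The following is an added user-space model of that situation, not kernel code and not from this commit: struct hdr, select_ident(), build_hdr() and the small peer_next_id[] table standing in for the inetpeer cache are all hypothetical, the byte pattern POISON simulates uninitialised skb memory, and 10.0.0.1 / 10.0.0.2 are constructed sample addresses. It builds the same header twice, once in the pre-fix order and once in the fixed order, and reports which counter the identifier was actually charged to.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for the struct iphdr fields that matter here. */
struct hdr {
    uint8_t  ttl;
    uint8_t  protocol;
    uint16_t frag_off;   /* host order in this model; the kernel tests htons(IP_DF) */
    uint16_t id;
    uint32_t saddr;
    uint32_t daddr;
};

#define IP_DF   0x4000
#define NPEERS  8
#define POISON  0xAA      /* byte pattern simulating uninitialised memory */

/* Per-destination ID counters: a hypothetical stand-in for the inetpeer
 * cache that the real ip_select_ident() consults for non-DF packets. */
static uint16_t peer_next_id[NPEERS];

static unsigned peer_slot(uint32_t daddr)
{
    return (daddr ^ (daddr >> 16) ^ (daddr >> 8)) % NPEERS;
}

static void reset_peers(void)
{
    memset(peer_next_id, 0, sizeof peer_next_id);
}

/* Model of ip_select_ident(): DF packets take the socket's own counter,
 * everything else takes the next ID for h->daddr. Whatever daddr holds
 * at call time decides which counter is consumed. */
static void select_ident(struct hdr *h, uint16_t *sock_id)
{
    if (h->frag_off & IP_DF) {
        h->id = (*sock_id)++;
        return;
    }
    h->id = peer_next_id[peer_slot(h->daddr)]++;
}

/* Fill the header in the order __ip_make_skb() used before the fix
 * (ident before addresses) or after it (addresses before ident). */
static void build_hdr(struct hdr *h, int fixed_order, uint32_t saddr,
                      uint32_t daddr, uint16_t frag_off, uint16_t *sock_id)
{
    h->frag_off = frag_off;
    if (!fixed_order)
        select_ident(h, sock_id);   /* bug: h->daddr not written yet */
    h->ttl = 64;
    h->protocol = 17;               /* UDP */
    h->saddr = saddr;
    h->daddr = daddr;
    if (fixed_order)
        select_ident(h, sock_id);   /* fix: daddr is valid here */
}

/* Build one non-DF header into poisoned memory and report how many IDs
 * were issued from the slot owned by the real destination:
 * 1 means the lookup used the right address, 0 means it used garbage. */
uint16_t ids_issued_to_dst(int fixed_order, uint32_t daddr)
{
    struct hdr h;
    uint16_t sock_id = 0;

    reset_peers();
    memset(&h, POISON, sizeof h);           /* "uninitialised" skb data */
    build_hdr(&h, fixed_order, 0x0A000002u, daddr, 0, &sock_id);
    return peer_next_id[peer_slot(daddr)];
}

/* Same scenario, but report the slot that the poison pattern (daddr ==
 * 0xAAAAAAAA) maps to: this is where the buggy order charges the ID. */
uint16_t ids_charged_to_garbage(int fixed_order, uint32_t daddr)
{
    struct hdr h;
    uint16_t sock_id = 0;
    const uint32_t garbage = 0xAAAAAAAAu;   /* four POISON bytes */

    reset_peers();
    memset(&h, POISON, sizeof h);
    build_hdr(&h, fixed_order, 0x0A000002u, daddr, 0, &sock_id);
    return peer_next_id[peer_slot(garbage)];
}

int main(void)
{
    uint32_t dst = 0x0A000001u;   /* 10.0.0.1, constructed sample address */
    printf("before fix: dst slot got %u ids, garbage slot got %u\n",
           (unsigned)ids_issued_to_dst(0, dst), (unsigned)ids_charged_to_garbage(0, dst));
    printf("after fix:  dst slot got %u ids, garbage slot got %u\n",
           (unsigned)ids_issued_to_dst(1, dst), (unsigned)ids_charged_to_garbage(1, dst));
    return 0;
}
```

Two things the model makes visible that the one-line diff does not: the misbehaviour depends entirely on what happens to be in memory (if the garbage daddr lands in the same slot as the real one, the buggy order looks correct, which is why such bugs surface only under a checker like kmemcheck), and the DF path never reads daddr at all, so the ordering only matters for packets that take the per-destination counter.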
Authored by Eric Dumazet and committed by David S. Miller (a9915a1b 1a7b27c9)

net/ipv4/ip_output.c: +1 -1
··· 1338 1338 iph->ihl = 5; 1339 1339 iph->tos = inet->tos; 1340 1340 iph->frag_off = df; 1341 - ip_select_ident(iph, &rt->dst, sk); 1342 1341 iph->ttl = ttl; 1343 1342 iph->protocol = sk->sk_protocol; 1344 1343 ip_copy_addrs(iph, fl4); 1344 + ip_select_ident(iph, &rt->dst, sk); 1345 1345 1346 1346 if (opt) { 1347 1347 iph->ihl += opt->optlen>>2;
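Review bot: the relocated call at new line 1344 now sits after ip_copy_addrs(iph, fl4) but before the `if (opt)` block that bumps iph->ihl, and nothing in the hunk records why it must stay there; a later cleanup could easily move it back next to `iph->frag_off = df;` where it was at old line 1341 and reintroduce the uninitialised read. Suggest a one-line comment above the call, e.g. `/* needs iph->daddr, so keep after ip_copy_addrs() */`, so the dependency the commit message describes is visible in the code. It is also worth confirming in the changelog that the other callers of ip_select_ident() already have iph->daddr set at the point of the call, since only __ip_make_skb() is touched here.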