In some cases, offset can overflow and can cause an infinite loop in
ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and
cap it at IPV6_MAXPLEN, since packets larger than that should be invalid.
This problem has been here since before the beginning of git history.
On Thu, Nov 30, 2017 at 02:13:48PM +0100, Kleber Sacilotto de Souza wrote:
> Clean cherry-pick for Trusty and Zesty, the other supported series are
> either not affected or have already been fixed.
> Sabrina Dubroca (1):
> ipv6: avoid overflow of offset in ip6_find_1stfragopt
You also need to pick 3de33e1ba0506723ab25734e098cf280ecc34756 ("ipv6:
accept 64k - 1 packet length in ip6_find_1stfragopt()").