On Fri, 2017-01-06 at 08:43 -0800, Eric Dumazet wrote: > From: Eric Dumazet <eduma...@google.com> > > dccp_parse_options() improperly parses 12 or 16 bytes in excess, > because it forgets to subtract DCCP header len. > > This causes various issues, since these 12/16 bytes are part of the > payload and this might not even be present in skb->head, as > dccp_invalid_packet() only pulled everything but payload. > > KASAN complains since we might access uninitialized data.
Scratch that. Never send a patch before first coffee in the morning ;)
