From: Wei Wang <[email protected]> Date: Wed, 16 Aug 2017 11:18:09 -0700
> From: Wei Wang <[email protected]> > > syzcaller reported the following use-after-free issue in rt6_select(): ... > The root cause of it is that in fib6_add_rt2node(), when it replaces an > existing route with the new one, it does not update fn->rr_ptr. > This commit resets fn->rr_ptr to NULL when it points to a route which is > replaced in fib6_add_rt2node(). > > Fixes: 27596472473a ("ipv6: fix ECMP route replacement") > Signed-off-by: Wei Wang <[email protected]> > Acked-by: Eric Dumazet <[email protected]> Applied and queued up for -stable, thanks.
