airo: Fix read overflows sending packets

commit 11e7a91994c29da96d847f676be023da6a2c1359 upstream.

The problem is that we always copy a minimum of ETH_ZLEN (60) bytes from
skb->data even when skb->len is less than ETH_ZLEN so it leads to a read

The fix is to pad skb->data to at least ETH_ZLEN bytes.

Cc: <>
Reported-by: Hu Jiahui <>
Signed-off-by: Dan Carpenter <>
Reviewed-by: Eric Dumazet <>
Signed-off-by: Kalle Valo <>
Signed-off-by: Greg Kroah-Hartman <>

1 file changed