airo: Fix read overflows sending packets
commit 11e7a91994c29da96d847f676be023da6a2c1359 upstream.
The problem is that we always copy a minimum of ETH_ZLEN (60) bytes from
skb->data even when skb->len is less than ETH_ZLEN so it leads to a read
The fix is to pad skb->data to at least ETH_ZLEN bytes.
Reported-by: Hu Jiahui <email@example.com>
Signed-off-by: Dan Carpenter <firstname.lastname@example.org>
Reviewed-by: Eric Dumazet <email@example.com>
Signed-off-by: Kalle Valo <firstname.lastname@example.org>
Signed-off-by: Greg Kroah-Hartman <email@example.com>
1 file changed