net: initialize skb->peeked when cloning

syzbot reported __skb_try_recv_from_queue() was using skb->peeked while it was potentially unitialized. We need to clear it in __skb_clone() Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <edumazet@google.com> 2018-04-07 22:42:39 +0200
committer: David S. Miller <davem@davemloft.net> 2018-04-08 04:32:31 +0200
commit: b13dda9f9aa7caceeee61c080c2e544d5f5d85e5 (patch)
tree: 9a5d1163611e1f95613f9f9ef43355c74357d884 /net/core
parent: net: fix rtnh_ok() (diff)
download: linux-b13dda9f9aa7caceeee61c080c2e544d5f5d85e5.tar.xz
linux-b13dda9f9aa7caceeee61c080c2e544d5f5d85e5.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 1bca1e0fc8f7..345b51837ca8 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -857,6 +857,7 @@ static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
 	n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
 	n->cloned = 1;
 	n->nohdr = 0;
+	n->peeked = 0;
 	n->destructor = NULL;
 	C(tail);
 	C(end);
author	Eric Dumazet <edumazet@google.com>	2018-04-07 22:42:39 +0200
committer	David S. Miller <davem@davemloft.net>	2018-04-08 04:32:31 +0200
commit	b13dda9f9aa7caceeee61c080c2e544d5f5d85e5 (patch)
tree	9a5d1163611e1f95613f9f9ef43355c74357d884 /net/core
parent	net: fix rtnh_ok() (diff)
download	linux-b13dda9f9aa7caceeee61c080c2e544d5f5d85e5.tar.xz linux-b13dda9f9aa7caceeee61c080c2e544d5f5d85e5.zip