[PATCH net 3/3] rxrpc: Fix RESPONSE packet verification to extract skb to a linear buffer
Jakub Kicinski
kuba at kernel.org
Tue May 12 17:06:50 PDT 2026
On Mon, 11 May 2026 17:07:49 +0100 David Howells wrote:
> This improves the fix for CVE-2026-43500.
>
> Fix the verification of RESPONSE packets to avoid the problem of
> overwriting a RESPONSE packet sent via splice to a local address by
> extracting the contents of the UDP packet into a kmalloc'd linear buffer
> rather than decrypting the data in place in the sk_buff (which may corrupt
> the original buffer).

net/rxrpc/conn_event.c:254:10: warning: variable 'ret' is uninitialized when used here [-Wuninitialized]
  254 |                 return ret;
      |                        ^~~
net/rxrpc/conn_event.c:250:9: note: initialize the variable 'ret' to silence this warning
  250 |         int ret;
      |                ^
      |                 = 0