[patch 11/76] IPV6: dst_entry leak in ip4ip6_err.

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <linux-kernel@...>, <stable@...>

Cc: Justin Forbes <jmforbes@...>, Zwane Mwaikambo <zwane@...>, Theodore Ts'o <tytso@...>, Randy Dunlap <rdunlap@...>, Dave Jones <davej@...>, Chuck Wolber <chuckw@...>, Chris Wedgwood <reviews@...>, Michael Krufky <mkrufky@...>, Chuck Ebbert <cebbert@...>, Domenico Andreoli <cavokz@...>, <torvalds@...>, <akpm@...>, <alan@...>, Denis V. Lunev <den@...>, David S Miller <davem@...>, Greg Kroah-Hartman <gregkh@...>

Subject: [patch 11/76] IPV6: dst_entry leak in ip4ip6_err.

Date: Friday, March 21, 2008 - 6:43 pm

-stable review patch.  If anyone has any objections, please let us know.
---------------------

From: Denis V. Lunev <den@openvz.org>

Upstream commit: 9937ded8e44de8865cba1509d24eea9d350cebf0

The result of the ip_route_output is not assigned to skb. This means that
- it is leaked
- possible OOPS below dereferrencing skb->dst
- no ICMP message for this case

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>

---
 net/ipv6/ip6_tunnel.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -550,6 +550,7 @@ ip4ip6_err(struct sk_buff *skb, struct i
 			ip_rt_put(rt);
 			goto out;
 		}
+		skb2->dst = (struct dst_entry *)rt;
 	} else {
 		ip_rt_put(rt);
 		if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos,

-- 
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[patch 11/76] IPV6: dst_entry leak in ip4ip6_err., Chris Wright, (Fri Mar 21, 6:43 pm)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Peter Zijlstra	[PATCH 6/6] sched: disabled rt-bandwidth by default
Alan Cox	Re: RFC: outb 0x80 in inb_p, outb_p harmful on some modern AMD64 with MCP51 laptops
Vegard Nossum	[RFC][PATCH] bitfields API
Pallipadi, Venkatesh	RE: 2.6.21-rc6-mm1
git:
Jan Holesovsky	[PATCH] RFC: git lazy clone proof-of-concept
Junio C Hamano	Re: [PATCH resend] make "git push" update origin and mirrors, "git push --mirror" ...
Nicolas Pitre	Re: [PATCH] diff-delta: produce optimal pack data
Sam Vilain	[PATCH] git-mergetool: add support for ediff
openbsd-misc:
Michael	QEMU /dev/tun issue with tun device number > 3 (more than 4 guests)
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Predrag Punosevac	Re: OpenBSD project goals
Nick Guenther	Re: how to clear dmesg outpout
linux-activists:
Stephen Pierce	SLS
C Wayne Huling	Re: Can males come from...
Les Andrzejewski	X386/WD90C31/SUMSUNG SYNC MASTER 4
David Willmore	Re: Intel, the Pentium and Linux

Latest forum posts


unable to remove block device driver module	5 hours ago	Linux kernel
Is there anything like Real-time drivers?	1 day ago	Linux general
I can't allocate more than 4 MB with pci_alloc_consistent	1 day ago	Linux kernel
Resetting the bios password for Toshiba Laptop	1 day ago	Hardware
Kernel panic while installing fedora core 5 or ubuntu	2 days ago	Hardware
Interactive Linux kernel map	2 days ago	Linux kernel
unable to add a variable in buffer_head struct	2 days ago	Linux kernel
Linux Input driver - setting scaling/resolution on USB mouse	3 days ago	Linux kernel
Merging Of Two File Systems	4 days ago	Linux kernel
4 fulltime software engineer positions near LAX MAC BSD Kernel Development	6 days ago	OpenBSD

Show all forums...

Colocation donated by:

Online users

Syndicate