From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
netdev-core@vger.kernel.org, yoshfuji@linux-ipv6.org,
Greg Kroah-Hartman <gregkh@suse.de>
Subject: [patch 11/22] IPV6: XFRM: Dont use old copy of pointer after pskb_may_pull().
Date: Thu, 20 Apr 2006 21:39:01 -0700
Message-ID: <20060421043901.GL12846@kroah.com>
In-Reply-To: <20060421043706.GA12846@kroah.com>
[-- Attachment #1: ipv6-xfrm-don-t-use-old-copy-of-pointer-after-pskb_may_pull.patch --]
[-- Type: text/plain, Size: 1005 bytes --]
[IPV6] XFRM: Don't use old copy of pointer after pskb_may_pull().
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
---
net/ipv6/xfrm6_policy.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- linux-2.6.16.9.orig/net/ipv6/xfrm6_policy.c
+++ linux-2.6.16.9/net/ipv6/xfrm6_policy.c
@@ -193,7 +193,7 @@ _decode_session6(struct sk_buff *skb, st
{
u16 offset = sizeof(struct ipv6hdr);
struct ipv6hdr *hdr = skb->nh.ipv6h;
- struct ipv6_opt_hdr *exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset);
+ struct ipv6_opt_hdr *exthdr;
u8 nexthdr = skb->nh.ipv6h->nexthdr;
memset(fl, 0, sizeof(struct flowi));
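Review bot: With the initialiser dropped from the declaration, `exthdr` is uninitialised at function scope and is only valid inside the loop body; declaring it inside the `while` block would prevent any code outside the loop from reading it. The same staleness concern applies to `hdr`, cached from `skb->nh.ipv6h` one line above the changed declaration: pskb_may_pull() can reallocate the skb's header data, so confirm `hdr` is not dereferenced once the loop has run, or re-read it from `skb->nh.ipv6h` at that point. The changelog would also benefit from one sentence saying why the old pointer goes stale.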
@@ -201,6 +201,8 @@ _decode_session6(struct sk_buff *skb, st
ipv6_addr_copy(&fl->fl6_src, &hdr->saddr);
while (pskb_may_pull(skb, skb->nh.raw + offset + 1 - skb->data)) {
+ exthdr = (struct ipv6_opt_hdr*)(skb->nh.raw + offset);
+
switch (nexthdr) {
case NEXTHDR_ROUTING:
case NEXTHDR_HOP:
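Review bot: The loop condition `pskb_may_pull(skb, skb->nh.raw + offset + 1 - skb->data)` only guarantees that one byte at `offset` is in the linear area, while the new assignment casts that address to `struct ipv6_opt_hdr *`; if the `NEXTHDR_ROUTING` / `NEXTHDR_HOP` cases read anything past the first byte through `exthdr` (the header length field, for instance), the pull length should cover `sizeof(*exthdr)` instead of `+ 1`. Recomputing from `skb->nh.raw` at the top of each iteration is the right place for the assignment; a short comment there noting that pskb_may_pull() may move the data would keep someone from hoisting it back out of the loop later.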