* [patches] invalid nh.raw use after free
@ 2003-07-15 23:41 Julian Anastasov
2003-07-16 2:17 ` David S. Miller
0 siblings, 1 reply; 4+ messages in thread
From: Julian Anastasov @ 2003-07-15 23:41 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev
[-- Attachment #1: Type: TEXT/PLAIN, Size: 213 bytes --]
Hello,
The attached patches fix similar bug to many places (I'm not
sure if there are more instances), where pointers remain to refer to
freed skbs. For 2.5 and 2.4.
Regards
--
Julian Anastasov <ja@ssi.bg>
[-- Attachment #2: ipip --]
[-- Type: TEXT/PLAIN, Size: 305 bytes --]
--- linux/net/ipv4/ipip.c.old_iph Sat Jul 12 11:09:29 2003
+++ linux/net/ipv4/ipip.c Wed Jul 16 02:18:41 2003
@@ -616,6 +616,7 @@
skb_set_owner_w(new_skb, skb->sk);
dev_kfree_skb(skb);
skb = new_skb;
+ old_iph = skb->nh.iph;
}
skb->nh.raw = skb_push(skb, sizeof(struct iphdr));
[-- Attachment #3: ip_gre --]
[-- Type: TEXT/PLAIN, Size: 297 bytes --]
--- linux/net/ipv4/ip_gre.c.old_iph Sat Jul 12 11:09:29 2003
+++ linux/net/ipv4/ip_gre.c Wed Jul 16 02:12:56 2003
@@ -816,6 +816,7 @@
skb_set_owner_w(new_skb, skb->sk);
dev_kfree_skb(skb);
skb = new_skb;
+ old_iph = skb->nh.iph;
}
skb->nh.raw = skb_push(skb, gre_hlen);
[-- Attachment #4: sit --]
[-- Type: TEXT/PLAIN, Size: 303 bytes --]
--- linux/net/ipv6/sit.c.old_iph6 Sat Jul 12 11:09:29 2003
+++ linux/net/ipv6/sit.c Wed Jul 16 02:23:06 2003
@@ -550,6 +550,7 @@
skb_set_owner_w(new_skb, skb->sk);
dev_kfree_skb(skb);
skb = new_skb;
+ iph6 = skb->nh.ipv6h;
}
skb->nh.raw = skb_push(skb, sizeof(struct iphdr));
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patches] invalid nh.raw use after free
2003-07-15 23:41 [patches] invalid nh.raw use after free Julian Anastasov
@ 2003-07-16 2:17 ` David S. Miller
2003-07-16 7:09 ` Julian Anastasov
0 siblings, 1 reply; 4+ messages in thread
From: David S. Miller @ 2003-07-16 2:17 UTC (permalink / raw)
To: Julian Anastasov; +Cc: netdev
On Wed, 16 Jul 2003 02:41:00 +0300 (EEST)
Julian Anastasov <ja@ssi.bg> wrote:
> The attached patches fix similar bug to many places (I'm not
> sure if there are more instances), where pointers remain to refer to
> freed skbs. For 2.5 and 2.4.
Good catch, I'll apply this.
Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patches] invalid nh.raw use after free
2003-07-16 2:17 ` David S. Miller
@ 2003-07-16 7:09 ` Julian Anastasov
2003-07-16 7:17 ` David S. Miller
0 siblings, 1 reply; 4+ messages in thread
From: Julian Anastasov @ 2003-07-16 7:09 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev
Hello,
On Tue, 15 Jul 2003, David S. Miller wrote:
> > sure if there are more instances), where pointers remain to refer to
> > freed skbs. For 2.5 and 2.4.
>
> Good catch, I'll apply this.
Please, apply also to 2.2
Regards
--
Julian Anastasov <ja@ssi.bg>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patches] invalid nh.raw use after free
2003-07-16 7:09 ` Julian Anastasov
@ 2003-07-16 7:17 ` David S. Miller
0 siblings, 0 replies; 4+ messages in thread
From: David S. Miller @ 2003-07-16 7:17 UTC (permalink / raw)
To: Julian Anastasov; +Cc: netdev
On Wed, 16 Jul 2003 10:09:02 +0300 (EEST)
Julian Anastasov <ja@ssi.bg> wrote:
> On Tue, 15 Jul 2003, David S. Miller wrote:
>
> > Good catch, I'll apply this.
>
> Please, apply also to 2.2
Please forward to Alan for that, I don't have the
resources to maintain 2.2.x along with all the other
stuff.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2003-07-16 7:17 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-07-15 23:41 [patches] invalid nh.raw use after free Julian Anastasov
2003-07-16 2:17 ` David S. Miller
2003-07-16 7:09 ` Julian Anastasov
2003-07-16 7:17 ` David S. Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).