* ipmr_get_route()
@ 2004-08-31 0:14 David S. Miller
0 siblings, 0 replies; only message in thread
From: David S. Miller @ 2004-08-31 0:14 UTC (permalink / raw)
To: netdev
This is very broken.
It gets called only by rt_fill_info() to get multicast routing
information from ipmr.c, the skb it passes in is the rtnetlink
message.
But look at what ipmr_get_route() actually does. If the cache
entry cannot be found, it tries to build an IPV4 packet using
this packet to resolve the missing cache entry!
I think we don't crash here only because most of the time the
user has not specified an explicit input interface in the route
lookup request, and therefore skb->dev is NULL when ipmr_get_route()
takes a look at it.
Nevertheless things are seriously busted here. Any takers to
fix this thing up? :-)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-08-31 0:14 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-08-31 0:14 ipmr_get_route() David S. Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).