From: Shan Wei <shanwei@cn.fujitsu.com>
To: Thomas Dreibholz <dreibh@iem.uni-due.de>
Cc: netdev@vger.kernel.org, linux-sctp@vger.kernel.org,
Martin Becke <martin.becke@uni-due.de>
Subject: Re: [PATCH] net: SCTP NULL-pointer dereference problem description and fix
Date: Wed, 15 Sep 2010 16:44:24 +0800 [thread overview]
Message-ID: <4C908768.4040502@cn.fujitsu.com> (raw)
In-Reply-To: <201009151003.17407.dreibh@iem.uni-due.de>
Thomas Dreibholz wrote, at 09/15/2010 04:03 PM:
> sctp_assoc_update_retran_path() in net/sctp/associola.c may dereference a
> NULL-pointer when compiled with SCTP_DEBUG option: t will be NULL if there is
> no usable path for retransmission. SCTP_DEBUG_PRINTK_IPADDR() makes an access
> to t->ipaddr.v4.sin_port, without checking t before. t==NULL => oops.
>
> The patch below against 2.6.36-rc4 (git repository) simply ensures that t is
> checked for not being set to NULL before calling SCTP_DEBUG_PRINTK_IPADDR().
This bug has been reported by WeiYongjun and fixed by vlad for several months.
About the details see .
http://marc.info/?l=linux-sctp&m=127359276009851&w=2
But this patch is still in vlad's net-next tree, not in main tree.
See the patch:
http://git.kernel.org/?p=linux/kernel/git/vxy/lksctp-dev.git;a=commit;h=eb1639d206320e6a09168d6dd77306eaf5f02582
>
>
> Signed-off-by: Thomas Dreibholz <dreibh@iem.uni-due.de>
> ---
> diff --git a/net/sctp/associola.c b/net/sctp/associola.c
> index e41feff..b2688a4 100644
> --- a/net/sctp/associola.c
> +++ b/net/sctp/associola.c
> @@ -1321,15 +1321,15 @@ void sctp_assoc_update_retran_path(struct
> sctp_association *asoc)
> }
> }
>
> - if (t)
> + if (t) {
> asoc->peer.retran_path = t;
> -
> - SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
> - " %p addr: ",
> - " port: %d\n",
> - asoc,
> - (&t->ipaddr),
> - ntohs(t->ipaddr.v4.sin_port));
> + SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
> + " %p addr: ",
> + " port: %d\n",
> + asoc,
> + (&t->ipaddr),
> + ntohs(t->ipaddr.v4.sin_port));
> + }
> }
>
> /* Choose the transport for sending retransmit packet. */
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
--
Best Regards
-----
Shan Wei
next prev parent reply other threads:[~2010-09-15 8:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-15 8:03 [PATCH] net: SCTP NULL-pointer dereference problem description and fix Thomas Dreibholz
2010-09-15 8:44 ` Shan Wei [this message]
2010-09-15 12:53 ` Thomas Dreibholz
2010-09-15 13:02 ` Vlad Yasevich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C908768.4040502@cn.fujitsu.com \
--to=shanwei@cn.fujitsu.com \
--cc=dreibh@iem.uni-due.de \
--cc=linux-sctp@vger.kernel.org \
--cc=martin.becke@uni-due.de \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).