* [PATCH] net: SCTP NULL-pointer dereference problem description and fix
@ 2010-09-15 8:03 Thomas Dreibholz
2010-09-15 8:44 ` Shan Wei
0 siblings, 1 reply; 4+ messages in thread
From: Thomas Dreibholz @ 2010-09-15 8:03 UTC (permalink / raw)
To: netdev, linux-sctp; +Cc: Martin Becke
sctp_assoc_update_retran_path() in net/sctp/associola.c may dereference a
NULL-pointer when compiled with SCTP_DEBUG option: t will be NULL if there is
no usable path for retransmission. SCTP_DEBUG_PRINTK_IPADDR() makes an access
to t->ipaddr.v4.sin_port, without checking t before. t==NULL => oops.
The patch below against 2.6.36-rc4 (git repository) simply ensures that t is
checked for not being set to NULL before calling SCTP_DEBUG_PRINTK_IPADDR().
Signed-off-by: Thomas Dreibholz <dreibh@iem.uni-due.de>
---
diff --git a/net/sctp/associola.c b/net/sctp/associola.c
index e41feff..b2688a4 100644
--- a/net/sctp/associola.c
+++ b/net/sctp/associola.c
@@ -1321,15 +1321,15 @@ void sctp_assoc_update_retran_path(struct
sctp_association *asoc)
}
}
- if (t)
+ if (t) {
asoc->peer.retran_path = t;
-
- SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
- " %p addr: ",
- " port: %d\n",
- asoc,
- (&t->ipaddr),
- ntohs(t->ipaddr.v4.sin_port));
+ SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
+ " %p addr: ",
+ " port: %d\n",
+ asoc,
+ (&t->ipaddr),
+ ntohs(t->ipaddr.v4.sin_port));
+ }
}
/* Choose the transport for sending retransmit packet. */
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] net: SCTP NULL-pointer dereference problem description and fix
2010-09-15 8:03 [PATCH] net: SCTP NULL-pointer dereference problem description and fix Thomas Dreibholz
@ 2010-09-15 8:44 ` Shan Wei
2010-09-15 12:53 ` Thomas Dreibholz
0 siblings, 1 reply; 4+ messages in thread
From: Shan Wei @ 2010-09-15 8:44 UTC (permalink / raw)
To: Thomas Dreibholz; +Cc: netdev, linux-sctp, Martin Becke
Thomas Dreibholz wrote, at 09/15/2010 04:03 PM:
> sctp_assoc_update_retran_path() in net/sctp/associola.c may dereference a
> NULL-pointer when compiled with SCTP_DEBUG option: t will be NULL if there is
> no usable path for retransmission. SCTP_DEBUG_PRINTK_IPADDR() makes an access
> to t->ipaddr.v4.sin_port, without checking t before. t==NULL => oops.
>
> The patch below against 2.6.36-rc4 (git repository) simply ensures that t is
> checked for not being set to NULL before calling SCTP_DEBUG_PRINTK_IPADDR().
This bug has been reported by WeiYongjun and fixed by vlad for several months.
About the details see .
http://marc.info/?l=linux-sctp&m=127359276009851&w=2
But this patch is still in vlad's net-next tree, not in main tree.
See the patch:
http://git.kernel.org/?p=linux/kernel/git/vxy/lksctp-dev.git;a=commit;h=eb1639d206320e6a09168d6dd77306eaf5f02582
>
>
> Signed-off-by: Thomas Dreibholz <dreibh@iem.uni-due.de>
> ---
> diff --git a/net/sctp/associola.c b/net/sctp/associola.c
> index e41feff..b2688a4 100644
> --- a/net/sctp/associola.c
> +++ b/net/sctp/associola.c
> @@ -1321,15 +1321,15 @@ void sctp_assoc_update_retran_path(struct
> sctp_association *asoc)
> }
> }
>
> - if (t)
> + if (t) {
> asoc->peer.retran_path = t;
> -
> - SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
> - " %p addr: ",
> - " port: %d\n",
> - asoc,
> - (&t->ipaddr),
> - ntohs(t->ipaddr.v4.sin_port));
> + SCTP_DEBUG_PRINTK_IPADDR("sctp_assoc_update_retran_path:association"
> + " %p addr: ",
> + " port: %d\n",
> + asoc,
> + (&t->ipaddr),
> + ntohs(t->ipaddr.v4.sin_port));
> + }
> }
>
> /* Choose the transport for sending retransmit packet. */
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
--
Best Regards
-----
Shan Wei
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] net: SCTP NULL-pointer dereference problem description and fix
2010-09-15 8:44 ` Shan Wei
@ 2010-09-15 12:53 ` Thomas Dreibholz
2010-09-15 13:02 ` Vlad Yasevich
0 siblings, 1 reply; 4+ messages in thread
From: Thomas Dreibholz @ 2010-09-15 12:53 UTC (permalink / raw)
To: Shan Wei; +Cc: netdev, linux-sctp, Martin Becke
On Mittwoch 15 September 2010, Shan Wei wrote:
> Thomas Dreibholz wrote, at 09/15/2010 04:03 PM:
> > sctp_assoc_update_retran_path() in net/sctp/associola.c may dereference a
> > NULL-pointer when compiled with SCTP_DEBUG option: t will be NULL if
> > there is no usable path for retransmission. SCTP_DEBUG_PRINTK_IPADDR()
> > makes an access to t->ipaddr.v4.sin_port, without checking t before.
> > t==NULL => oops.
> >
> > The patch below against 2.6.36-rc4 (git repository) simply ensures that t
> > is checked for not being set to NULL before calling
> > SCTP_DEBUG_PRINTK_IPADDR().
>
> This bug has been reported by WeiYongjun and fixed by vlad for several
> months. About the details see .
> http://marc.info/?l=linux-sctp&m=127359276009851&w=2
>
> But this patch is still in vlad's net-next tree, not in main tree.
> See the patch:
> http://git.kernel.org/?p=linux/kernel/git/vxy/lksctp-dev.git;a=commit;h=eb1
> 639d206320e6a09168d6dd77306eaf5f02582
This patch resolves the problem. I am using the main tree. The patch should
also be applied there.
Best regards
--
=======================================================================
Dr. Thomas Dreibholz
University of Duisburg-Essen, Room ES210
Inst. for Experimental Mathematics Ellernstraße 29
Computer Networking Technology Group D-45326 Essen/Germany
-----------------------------------------------------------------------
E-Mail: dreibh@iem.uni-due.de
Homepage: http://www.iem.uni-due.de/~dreibh
=======================================================================
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] net: SCTP NULL-pointer dereference problem description and fix
2010-09-15 12:53 ` Thomas Dreibholz
@ 2010-09-15 13:02 ` Vlad Yasevich
0 siblings, 0 replies; 4+ messages in thread
From: Vlad Yasevich @ 2010-09-15 13:02 UTC (permalink / raw)
To: Thomas Dreibholz; +Cc: Shan Wei, netdev, linux-sctp, Martin Becke
On 09/15/2010 08:53 AM, Thomas Dreibholz wrote:
> On Mittwoch 15 September 2010, Shan Wei wrote:
>> Thomas Dreibholz wrote, at 09/15/2010 04:03 PM:
>>> sctp_assoc_update_retran_path() in net/sctp/associola.c may dereference a
>>> NULL-pointer when compiled with SCTP_DEBUG option: t will be NULL if
>>> there is no usable path for retransmission. SCTP_DEBUG_PRINTK_IPADDR()
>>> makes an access to t->ipaddr.v4.sin_port, without checking t before.
>>> t==NULL => oops.
>>>
>>> The patch below against 2.6.36-rc4 (git repository) simply ensures that t
>>> is checked for not being set to NULL before calling
>>> SCTP_DEBUG_PRINTK_IPADDR().
>>
>> This bug has been reported by WeiYongjun and fixed by vlad for several
>> months. About the details see .
>> http://marc.info/?l=linux-sctp&m=127359276009851&w=2
>>
>> But this patch is still in vlad's net-next tree, not in main tree.
>> See the patch:
>> http://git.kernel.org/?p=linux/kernel/git/vxy/lksctp-dev.git;a=commit;h=eb1
>> 639d206320e6a09168d6dd77306eaf5f02582
>
> This patch resolves the problem. I am using the main tree. The patch should
> also be applied there.
>
>
> Best regards
Yes. I know. I've been just touch busy (and not with SCTP pieces) and backlog
is starting to accumulate.
I'll try to push stuff out this week.
-vlad
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-09-15 13:03 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-09-15 8:03 [PATCH] net: SCTP NULL-pointer dereference problem description and fix Thomas Dreibholz
2010-09-15 8:44 ` Shan Wei
2010-09-15 12:53 ` Thomas Dreibholz
2010-09-15 13:02 ` Vlad Yasevich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).