| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 05 Jun 2008 17:43:50 +0200 From: "Jorge Boncompte [DTI2]" <jorge@...2.net> To: netdev@...r.kernel.org CC: chas williams <chas@....nrl.navy.mil> Subject: [PATCH][ATM] br2684: Fix oops due to skb->dev being NULL It happens that if a packet arrives in a VC between the call to open it on the hardware and the call to change the backend to br2684, br2684_regvcc processes the packet and oopses dereferencing skb->dev because it is NULL before the call to br2684_push(). Signed-off-by: Jorge Boncompte [DTI2] <jorge@...2.net> --- net/atm/br2684.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/atm/br2684.c b/net/atm/br2684.c index 9d52ebf..ac60350 100644 --- a/net/atm/br2684.c +++ b/net/atm/br2684.c @@ -518,9 +518,9 @@ static int br2684_regvcc(struct atm_vcc *atmvcc, void __user * arg) struct sk_buff *next = skb->next; skb->next = skb->prev = NULL; + br2684_push(atmvcc, skb); BRPRIV(skb->dev)->stats.rx_bytes -= skb->len; BRPRIV(skb->dev)->stats.rx_packets--; - br2684_push(atmvcc, skb); skb = next; } -- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists