| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070619201834.GH4383@Chamillionaire.breakpoint.cc> Date: Tue, 19 Jun 2007 22:18:34 +0200 From: Florian Westphal <fw-kernel@...len.de> To: netdev@...r.kernel.org Cc: jon.maloy@...csson.com, allan.stephens@...driver.com, per.liden@...csson.com, tipc-discussion@...ts.sourceforge.net Subject: [PATCH] TIPC: Fix infinite loop in netlink handler From: Florian Westphal <fw@...len.de> The tipc netlink config handler uses the nlmsg_pid from the request header as destination for its reply. If the application initialized nlmsg_pid to 0, the reply is looped back to the kernel, causing hangup. Fix: use nlmsg_pid of the skb that triggered the request. Signed-off-by: Florian Westphal <fw@...len.de> --- net/tipc/netlink.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c index 4cdafa2..6a7f7b4 100644 --- a/net/tipc/netlink.c +++ b/net/tipc/netlink.c @@ -60,7 +60,7 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info *info) rep_nlh = nlmsg_hdr(rep_buf); memcpy(rep_nlh, req_nlh, hdr_space); rep_nlh->nlmsg_len = rep_buf->len; - genlmsg_unicast(rep_buf, req_nlh->nlmsg_pid); + genlmsg_unicast(rep_buf, NETLINK_CB(skb).pid); } return 0; - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists