lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 05 Jun 2008 17:43:50 +0200
From:	"Jorge Boncompte [DTI2]" <jorge@...2.net>
To:	netdev@...r.kernel.org
CC:	chas williams <chas@....nrl.navy.mil>
Subject: [PATCH][ATM] br2684: Fix oops due to skb->dev being NULL

	It happens that if a packet arrives in a VC between the call to open it 
on the hardware and the call to change the backend to br2684, 
br2684_regvcc processes the packet and oopses dereferencing skb->dev 
because it is NULL before the call to br2684_push().

Signed-off-by: Jorge Boncompte [DTI2] <jorge@...2.net>
---
  net/atm/br2684.c |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/atm/br2684.c b/net/atm/br2684.c
index 9d52ebf..ac60350 100644
--- a/net/atm/br2684.c
+++ b/net/atm/br2684.c
@@ -518,9 +518,9 @@ static int br2684_regvcc(struct atm_vcc *atmvcc, 
void __user * arg)
  		struct sk_buff *next = skb->next;

  		skb->next = skb->prev = NULL;
+		br2684_push(atmvcc, skb);
  		BRPRIV(skb->dev)->stats.rx_bytes -= skb->len;
  		BRPRIV(skb->dev)->stats.rx_packets--;
-		br2684_push(atmvcc, skb);

  		skb = next;
  	}
-- 


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists