| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090325205700.1a4a7fd6@nehalam> Date: Wed, 25 Mar 2009 20:57:00 -0700 From: Stephen Hemminger <shemminger@...tta.com> To: David Miller <davem@...emloft.net> Cc: "'Stig Thormodsrud'" <stig@...tta.com>, netdev@...r.kernel.org, stable@...r.kernel.org Subject: [PATCH] bridge: bad error handling when adding invalid ether address This fixes an crash when empty bond device is added to a bridge. If an interface with invalid ethernet address (all zero) is added to a bridge, then bridge code detects it when setting up the forward databas entry. But the error unwind is broken, the bridge port object can get freed twice: once when ref count went to zeo, and once by kfree. Since object is never really accessible, just free it. Signed-off-by: Stephen Hemminger <shemminger@...tta.com> --- Patch against 2.6.29, but same code has been around for a while in older releases, so should apply to 2.6.27.y as well. --- a/net/bridge/br_if.c 2009-03-25 20:29:08.310404430 -0700 +++ b/net/bridge/br_if.c 2009-03-25 20:48:21.353468017 -0700 @@ -426,7 +426,6 @@ err2: err1: kobject_del(&p->kobj); err0: - kobject_put(&p->kobj); dev_set_promiscuity(dev, -1); put_back: dev_put(dev); -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists