| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Apr 2012 20:22:00 -0400
From: Dave Jones <davej@...hat.com>
To: David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org, kernel-team@...oraproject.org
Subject: Re: NULL pointer dereference at __ip_route_output_key
On Mon, Apr 02, 2012 at 08:07:11PM -0400, David Miller wrote:
> > We just had this reported. Look familiar to anyone ?
>
> If you could unravel the source file and line the OOPS occurs at, I
> can look at these kinds of reports much faster. As it stands, when I
> see a Fedora OOPS, it's a long process for me:
Ok, I'll try and pull these apart for you in future, as I usually
have the bits for the most recent builds around.
> Anyways in this case dev_out is NULL when we read it around line
> 2798 of net/ipv4/route.c:
>
> dev_out = FIB_RES_DEV(res);
> fl4->flowi4_oif = dev_out->ifindex;
>
> and we are thus OOPS'ing on the dev_out->ifindex.
>
> Unfortunately I've never seen a report like this. If the reporter can
> reproduce, you can try to extract more information by doing something
> like this right after the dev_out assignment:
>
> if (!dev_out) {
> pr_crit("ipv4: FIB_RES_DEV() is NULL, nh_sel=%d\n",
> res.nh_sel);
> rth = ERR_PTR(-EINVAL);
> goto out;
> }
>
> This debugging will also avoid the NULL pointer crash at least for
> that particular invocation.
ok, I'll do a test build with this change for the user to try out.
Hopefully he can retrigger it.
thanks,
Dave
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists