[FEISTY]: [PATCH] Fix to Denial of Service security fix, from stable kernel 2.6.20.10

Phillip Lougher phillip at lougher.demon.co.uk
Thu May 3 12:58:44 UTC 2007


>From 8f230e5a7f8fe8c9e048d1c15fbb923236f55ace Mon Sep 17 00:00:00 2001
From: Sergey Vlasov <vsu at altlinux.ru>
Date: Fri, 27 Apr 2007 02:18:35 -0700
Subject: [PATCH] (Fix to Denial of Service security fix, from stable kernel 2.6.20.10)

IPV4: Fix OOPS'er added to netlink fib.

[IPV4] nl_fib_lookup: Initialise res.r before fib_res_put(&res)

When CONFIG_IP_MULTIPLE_TABLES is enabled, the code in nl_fib_lookup()
needs to initialize the res.r field before fib_res_put(&res) - unlike
fib_lookup(), a direct call to ->tb_lookup does not set this field.

Signed-off-by: Sergey Vlasov <vsu at altlinux.ru>
Signed-off-by: David S. Miller <davem at davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

(cherry picked from commit 6af3412cff50b9a7b12b7b9cf6f01b34fbae4624)
---
 net/ipv4/fib_frontend.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 9a811d0..27d3485 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -778,6 +778,10 @@ static void nl_fib_lookup(struct fib_result_nl *frn, struct fib_table *tb )
 							    .tos = frn->fl_tos,
 							    .scope = frn->fl_scope } } };
 
+#ifdef CONFIG_IP_MULTIPLE_TABLES
+	res.r = NULL;
+#endif
+
 	frn->err = -ENOENT;
 	if (tb) {
 		local_bh_disable();
-- 
1.4.4.2





More information about the kernel-team mailing list