system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-11-05 18:23:50 +00:00
Code Issues Projects Releases Packages Wiki Activity
linux/net/bridge
History
Linus Lüssing a516993f0a net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 
The recent refactoring of the IGMP and MLD parsing code into
ipv6_mc_check_mld() / ip_mc_check_igmp() introduced a potential crash /
BUG() invocation for bridges:

I wrongly assumed that skb_get() could be used as a simple reference
counter for an skb which is not the case. skb_get() bears additional
semantics, a user count. This leads to a BUG() invocation in
pskb_expand_head() / kernel panic if pskb_may_pull() is called on an skb
with a user count greater than one - unfortunately the refactoring did
just that.

Fixing this by removing the skb_get() call and changing the API: The
caller of ipv6_mc_check_mld() / ip_mc_check_igmp() now needs to
additionally check whether the returned skb_trimmed is a clone.

Fixes: 9afd85c9e4 ("net: Export IGMP/MLD message validation code")
Reported-by: Brenden Blanco <bblanco@plumgrid.com>
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-08-13 17:08:39 -07:00
..
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-06-24 16:49:49 -07:00
br.c
br_device.c
br_fdb.c bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
br_forward.c bridge: Fix network header pointer for vlan tagged packets 2015-07-29 12:20:16 -07:00
br_if.c bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
br_input.c
br_ioctl.c
br_mdb.c bridge: mdb: fix delmdb state in the notification 2015-07-29 15:02:30 -07:00
br_multicast.c net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 2015-08-13 17:08:39 -07:00
br_netfilter_hooks.c netfilter: bridge: don't leak skb in error paths 2015-07-02 17:59:26 +02:00
br_netfilter_ipv6.c netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 2015-07-08 11:02:16 +02:00
br_netlink.c bridge: netlink: account for the IFLA_BRPORT_PROXYARP_WIFI attribute size and policy 2015-08-06 23:54:42 -07:00
br_nf_core.c
br_private.h bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
br_private_stp.h
br_stp.c bridge: stp: when using userspace stp stop kernel hello and hold timers 2015-07-28 23:33:20 -07:00
br_stp_bpdu.c
br_stp_if.c bridge: stp: when using userspace stp stop kernel hello and hold timers 2015-07-28 23:33:20 -07:00
br_stp_timer.c bridge: stp: when using userspace stp stop kernel hello and hold timers 2015-07-28 23:33:20 -07:00
br_sysfs_br.c
br_sysfs_if.c bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
br_vlan.c bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
Kconfig
Makefile