
linux-2.4.36: Commit

2.4.36-stable kernel tree

Commit MetaInfo

Revision: 05dca9b77f99d80cf615075624666106d5b61727 (tree)
Time: 2006-12-22 07:41:50
Author: Marcel Holtmann <holtmann@redh...>
Committer: Willy Tarreau

Log Message

[PATCH] Call init_timer() for ISDN PPP CCP reset state timer (CVE-2006-5749)

The function isdn_ppp_ccp_reset_alloc_state() sets ->timer.function
and ->timer.data and later on calls add_timer() with no init_timer()
ever done. The call of init_timer() is needed, because otherwise the
call of add_timer() will result in an instant death.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

Change Summary


--- a/drivers/isdn/isdn_ppp.c
+++ b/drivers/isdn/isdn_ppp.c
@@ -2335,6 +2335,7 @@ static struct ippp_ccp_reset_state *isdn_ppp_ccp_reset_alloc_state(struct ippp_s
23352335 rs->state = CCPResetIdle;
23362336 rs->is = is;
23372337 rs->id = id;
2338+ init_timer(&rs->timer);
23382339 rs->timer.data = (unsigned long)rs;
23392340 rs->timer.function = isdn_ppp_ccp_timer_callback;
23402341 is->reset->rs[id] = rs;
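
Review bot: The added init_timer(&rs->timer) line carries no comment saying why it is required, and the add_timer() call that depends on it is not in this hunk (the log message only says it happens "later on"). A one-line comment here, stating that the timer must be initialised before any add_timer() on rs->timer, would keep a later cleanup from dropping the call. Placing it ahead of the rs->timer.data and rs->timer.function assignments is the right order and should stay that way. The hunk also does not show the path that releases rs, so it is worth confirming there that a pending timer is deleted before the state is freed, since rs is published through is->reset->rs[id] on the last line.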