OSDN > Finden Software > Linux Kernel Documents > SCM > git > linux-2.4.36 > Commit

Linux Kernel Documents
Fork
linux-2.6
linux-2.4.36

R/O
HTTP
SSH
HTTPS

linux-2.4.36: Commit

2.4.36-stable kernel tree

Commit MetaInfo

Revision	05dca9b77f99d80cf615075624666106d5b61727 (tree)
Zeit	2006-12-22 07:41:50
Autor	Marcel Holtmann <holtmann@redh...>
Commiter	Willy Tarreau

Log Message

[PATCH] Call init_timer() for ISDN PPP CCP reset state timer (CVE-2006-5749)

The function isdn_ppp_ccp_reset_alloc_state() sets ->timer.function
and ->timer.data and later on calls add_timer() with no init_timer()
ever done. The call of init_timer() is needed, because otherwise the
call of add_timer() will result in an instant death.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

Ändern Zusammenfassung

modified: drivers/isdn/isdn_ppp.c (diff)

Diff

--- a/drivers/isdn/isdn_ppp.c

+++ b/drivers/isdn/isdn_ppp.c

		@@ -2335,6 +2335,7 @@ static struct ippp_ccp_reset_state *isdn_ppp_ccp_reset_alloc_state(struct ippp_s
2335	2335	rs->state = CCPResetIdle;
2336	2336	rs->is = is;
2337	2337	rs->id = id;
	2338	+ init_timer(&rs->timer);
2338	2339	rs->timer.data = (unsigned long)rs;
2339	2340	rs->timer.function = isdn_ppp_ccp_timer_callback;
2340	2341	is->reset->rs[id] = rs;

Show on old repository browser