• R/O
  • HTTP
  • SSH
  • HTTPS

linux-2.4.36: Commit

2.4.36-stable kernel tree


Commit MetaInfo

Revisione642722f285e8fd335d109c557bb90b50cc10bd5 (tree)
Zeit2006-09-29 06:28:50
Autordann frazier <dannf@debi...>
CommiterWilly Tarreau

Log Message

[PATCH] Backport fix for CVE-2006-4997 to 2.4 tree

Backport fix for CVE-2006-4997 to 2.4 tree, compile tested.
Original commit message follows.

[ATM] CLIP: Do not refer freed skbuff in clip_mkip().

In clip_mkip(), skb->dev is dereferenced after clip_push(),
which frees up skb.

Advisory: AD_LAB-06009 (<adlab@venustech.com.cn>).

Original patch by YOSHIFUJI Hideaki.

Signed-off-by: dann frazier <dannf@debian.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

Ändern Zusammenfassung

Diff

--- a/net/atm/clip.c
+++ b/net/atm/clip.c
@@ -489,9 +489,11 @@ static int clip_mkip(struct atm_vcc *vcc,int timeout)
489489 else {
490490 unsigned int len = skb->len;
491491
492+ skb_get(skb);
492493 clip_push(vcc,skb);
493494 PRIV(skb->dev)->stats.rx_packets--;
494495 PRIV(skb->dev)->stats.rx_bytes -= len;
496+ kfree_skb(skb);
495497 }
496498 return 0;
497499 }
Show on old repository browser