Commit:     64beb8f3eb3c724add64ca3272915528e10213c1
Parent:     dbbeb2f9917792b989b6269ebfe24257f9aa1618
Author:     Florian Westphal <[EMAIL PROTECTED]>
AuthorDate: Sat Jun 23 22:59:40 2007 -0700
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Sat Jun 23 22:59:40 2007 -0700

    [TIPC]: Fix infinite loop in netlink handler
    The tipc netlink config handler uses the nlmsg_pid from the
    request header as destination for its reply. If the application
    initialized nlmsg_pid to 0, the reply is looped back to the kernel,
    causing hangup. Fix: use nlmsg_pid of the skb that triggered the
    Signed-off-by: Florian Westphal <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
 net/tipc/netlink.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
index 4cdafa2..6a7f7b4 100644
--- a/net/tipc/netlink.c
+++ b/net/tipc/netlink.c
@@ -60,7 +60,7 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info 
                rep_nlh = nlmsg_hdr(rep_buf);
                memcpy(rep_nlh, req_nlh, hdr_space);
                rep_nlh->nlmsg_len = rep_buf->len;
-               genlmsg_unicast(rep_buf, req_nlh->nlmsg_pid);
+               genlmsg_unicast(rep_buf, NETLINK_CB(skb).pid);
        return 0;
