econet denial of service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4342
From: David S. Miller <[email protected]> Date: Wed, 8 Dec 2010 18:42:23 -0800 Subject: [PATCH] econet: Fix crash in aun_incoming().
commit 4e085e76cbe558b79b54cbab772f61185879bc64 upstream. Unconditional use of skb->dev won't work here, try to fetch the econet device via skb_dst()->dev instead. Suggested by Eric Dumazet. Reported-by: Nelson Elhage <[email protected]> Tested-by: Nelson Elhage <[email protected]> Signed-off-by: David S. Miller <[email protected]> [jmm: Slightly adapted for 2.6.32] --- --- a/net/econet/af_econet.c +++ b/net/econet/af_econet.c @@ -843,9 +843,13 @@ { struct iphdr *ip = ip_hdr(skb); unsigned char stn = ntohl(ip->saddr) & 0xff; + struct dst_entry *dst = skb_dst(skb); + struct ec_device *edev = NULL; struct sock *sk; struct sk_buff *newskb; - struct ec_device *edev = skb->dev->ec_ptr; + + if (dst) + edev = dst->dev->ec_ptr; if (! edev) goto bad;
_______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
