This is a note to let you know that I've just added the patch titled

    macvlan: fix a possible use after free

to the 3.2-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     macvlan-fix-a-possible-use-after-free.patch
and it can be found in the queue-3.2 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


From 33cdb9c9c280982858a98c47233912050209aaa5 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <[email protected]>
Date: Mon, 23 Jan 2012 05:38:59 +0000
Subject: macvlan: fix a possible use after free


From: Eric Dumazet <[email protected]>

[ Upstream commit 4ec7ac1203bcf21f5e3d977c9818b1a56c9ef40d ]

Commit bc416d9768 (macvlan: handle fragmented multicast frames) added a
possible use after free in macvlan_handle_frame(), since
ip_check_defrag() uses pskb_may_pull() : skb header can be reallocated.

Signed-off-by: Eric Dumazet <[email protected]>
Cc: Ben Greear <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
 drivers/net/macvlan.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -172,6 +172,7 @@ static rx_handler_result_t macvlan_handl
                skb = ip_check_defrag(skb, IP_DEFRAG_MACVLAN);
                if (!skb)
                        return RX_HANDLER_CONSUMED;
+               eth = eth_hdr(skb);
                src = macvlan_hash_lookup(port, eth->h_source);
                if (!src)
                        /* frame comes from an external address */
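
Review bot: the added `eth = eth_hdr(skb);` after the `if (!skb)` check carries no comment, so it reads as a redundant reassignment and could be dropped in a later cleanup. A one-line comment above it, such as `/* ip_check_defrag() may reallocate the skb header */`, would record why the reload is required. The commit message attributes the reallocation to pskb_may_pull() inside ip_check_defrag(), so any other pointer into the skb header that is taken before that call and used after it in macvlan_handle_frame() needs the same reload. Only `eth->h_source` is visible in this context, so the rest of the function is worth checking for other cached header pointers.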


Patches currently in stable-queue which might be from [email protected] are

queue-3.2/net-reintroduce-missing-rcu_assign_pointer-calls.patch
queue-3.2/net-bpf_jit-fix-divide-by-0-generation.patch
queue-3.2/af_unix-fix-epollet-regression-for-stream-sockets.patch
queue-3.2/macvlan-fix-a-possible-use-after-free.patch
queue-3.2/netns-fix-net_alloc_generic.patch
queue-3.2/l2tp-l2tp_ip-fix-possible-oops-on-packet-receive.patch