rpms/kernel/F-12 ipv4-fix-null-ptr-deref-in-ip_fragment.patch, NONE, 1.1 kernel.spec, 1.1947, 1.1948
Kyle McMartin
kyle at fedoraproject.org
Fri Dec 4 04:38:00 UTC 2009
- Previous message (by thread): rpms/rubygem-ruby2ruby/F-12 import.log, NONE, 1.1 pt_testcase.rb, NONE, 1.1 rubygem-ruby2ruby.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/kernel/F-12 drm-nouveau.patch, 1.69, 1.70 kernel.spec, 1.1948, 1.1949
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kyle
Update of /cvs/pkgs/rpms/kernel/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32040
Modified Files:
kernel.spec
Added Files:
ipv4-fix-null-ptr-deref-in-ip_fragment.patch
Log Message:
* Thu Dec 03 2009 Kyle McMartin <kyle at redhat.com> 2.6.31.6-162
- ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref
bug fix.
ipv4-fix-null-ptr-deref-in-ip_fragment.patch:
ip_fragment.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE ipv4-fix-null-ptr-deref-in-ip_fragment.patch ---
From: David Ford <david at blue-labs.org>
Date: Mon, 30 Nov 2009 07:02:22 +0000 (-0800)
Subject: ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c, NULL ptr...
X-Git-Tag: v2.6.32~40^2~6
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=bbf31bf18d34caa87dd01f08bf713635593697f2
ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c, NULL ptr OOPS
ipv4 ip_frag_reasm(), fully replace 'dev_net(dev)' with 'net', defined
previously patched into 2.6.29.
Between 2.6.28.10 and 2.6.29, net/ipv4/ip_fragment.c was patched,
changing from dev_net(dev) to container_of(...). Unfortunately the goto
section (out_fail) on oversized packets inside ip_frag_reasm() didn't
get touched up as well. Oversized IP packets cause a NULL pointer
dereference and immediate hang.
I discovered this running openvasd and my previous email on this is
titled: NULL pointer dereference at 2.6.32-rc8:net/ipv4/ip_fragment.c:566
Signed-off-by: David Ford <david at blue-labs.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
---
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 575f9bd..d3fe10b 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -563,7 +563,7 @@ out_oversize:
printk(KERN_INFO "Oversized IP packet from %pI4.\n",
&qp->saddr);
out_fail:
- IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_REASMFAILS);
+ IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS);
return err;
}
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-12/kernel.spec,v
retrieving revision 1.1947
retrieving revision 1.1948
diff -u -p -r1.1947 -r1.1948
--- kernel.spec 2 Dec 2009 23:02:45 -0000 1.1947
+++ kernel.spec 4 Dec 2009 04:38:00 -0000 1.1948
@@ -809,6 +809,9 @@ Patch14462: highmem-fix-arm-powerpc-kmap
Patch14463: dlm-fix-connection-close-handling.patch
+# rhbz#544144 [bbf31bf18d34caa87dd01f08bf713635593697f2]
+Patch14464: ipv4-fix-null-ptr-deref-in-ip_fragment.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1512,6 +1515,9 @@ ApplyPatch highmem-fix-arm-powerpc-kmap_
ApplyPatch dlm-fix-connection-close-handling.patch
+# rhbz#544144
+ApplyPatch ipv4-fix-null-ptr-deref-in-ip_fragment.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2161,6 +2167,10 @@ fi
# and build.
%changelog
+* Thu Dec 03 2009 Kyle McMartin <kyle at redhat.com> 2.6.31.6-162
+- ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref
+ bug fix.
+
* Thu Dec 03 2009 Dave Airlie <airlied at redhat.com> 2.6.31.6-161
- rv410 LVDS on resume test fix from AMD (#541562)
- Previous message (by thread): rpms/rubygem-ruby2ruby/F-12 import.log, NONE, 1.1 pt_testcase.rb, NONE, 1.1 rubygem-ruby2ruby.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/kernel/F-12 drm-nouveau.patch, 1.69, 1.70 kernel.spec, 1.1948, 1.1949
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list