projects / openwrt / staging / blogic.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4dd7972) | patch
ipv6: NULL pointer dereferrence in tcp_v6_send_ack
authorDenis V. Lunev <den@openvz.org>
Wed, 1 Oct 2008 09:13:16 +0000 (02:13 -0700)
committerDavid S. Miller <davem@davemloft.net>
Wed, 1 Oct 2008 09:13:16 +0000 (02:13 -0700)
commit2a5b82751f73a0bf6f604ce56d34adba6da1b246
tree7ebfa7df43f81ee8aca50263e5bb7f1beed3112ftree | snapshot
parent4dd7972d1204c3851a4092cecd2207e05eb29b09commit | diff
ipv6: NULL pointer dereferrence in tcp_v6_send_ack

The following actions are possible:
tcp_v6_rcv
  skb->dev = NULL;
  tcp_v6_do_rcv
    tcp_v6_hnd_req
      tcp_check_req
        req->rsk_ops->send_ack == tcp_v6_send_ack

So, skb->dev can be NULL in tcp_v6_send_ack. We must obtain namespace
from dst entry.

Thanks to Vitaliy Gusev <vgusev@openvz.org> for initial problem finding
in IPv4 code.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/tcp_ipv6.c diff | blob | history
John Crispins staging tree