| To: | Krishna Kumar <krkumar@xxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH 2/5] Bad dereference of xfrm_state in pf_key |
| From: | "David S. Miller" <davem@xxxxxxxxxx> |
| Date: | Tue, 13 Jan 2004 23:21:37 -0800 |
| Cc: | netdev@xxxxxxxxxxx |
| In-reply-to: | <Pine.LNX.4.44.0401131321310.25742-100000@linux-udp14999547uds> |
| References: | <Pine.LNX.4.44.0401131319510.25742-100000@linux-udp14999547uds> <Pine.LNX.4.44.0401131321310.25742-100000@linux-udp14999547uds> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
On Tue, 13 Jan 2004 13:22:36 -0800 (PST) Krishna Kumar <krkumar@xxxxxxxxxx> wrote: > In pfkey_get(), the xfrm_state is dereferenced after it is dropped, > which could lead to dereferencing freed memory. This can also be done > by dropping the reference before the pfkey_broadcast() and in the IS_ERR > case. Obviously correct, patch applied thanks. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH 1/5] ipcomp_tunnel_create doesn't set tunnel state, David S. Miller |
|---|---|
| Next by Date: | Re: [PATCH 3/5] xfrm_lookup bugs, David S. Miller |
| Previous by Thread: | [PATCH 2/5] Bad dereference of xfrm_state in pf_key, Krishna Kumar |
| Next by Thread: | [PATCH 3/5] xfrm_lookup bugs, Krishna Kumar |
| Indexes: | [Date] [Thread] [Top] [All Lists] |