netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Fw: [Bug 4279] New: When I try to start vpnc the net/core/skbuff.c:9

from [Patrick McHardy] [Permanent Link][Original]
To: "David S. Miller" <davem@xxxxxxxxxxxxx>
Subject: Re: Fw: [Bug 4279] New: When I try to start vpnc the net/core/skbuff.c:91 crash
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Fri, 11 Mar 2005 06:03:14 +0100
Cc: maxk@xxxxxxxxxxxx, shemminger@xxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050310192023.1270fef6.davem@xxxxxxxxxxxxx>
References: <20050303095832.6a084856@xxxxxxxxxxxxxxxxx> <4228A354.8020904@xxxxxxxxxxxx> <4228AD8F.4020000@xxxxxxxxx> <20050310192023.1270fef6.davem@xxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1 
David S. Miller wrote:

This check is wrong, gcc optimizes it away:

               if ((len -= sizeof(pi)) > len)
                        return -EINVAL;

This could be responsible for the BUG. If len is 2 or 3 and TUN_NO_PI
isn't set it underflows. alloc_skb() allocates len + 2, which is 0 or
1 byte. skb_reserve tries to reserve 2 bytes and things explode in
skb_put.


Good catch Patrick.

Patch applied, thanks.


The patch is also needed (and applies with fuzz) for 2.4.

Regards
Patrick
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [PATCH 1/7] netpoll: shorten carrier detect timeout, Patrick McHardy
Next by Date:  Network card driver problem (znb.o/tulip), Kosta Todorovic
Previous by Thread:  Re: Fw: [Bug 4279] New: When I try to start vpnc the net/core/skbuff.c:91 crash, David S. Miller
Next by Thread:  Re: Fw: [Bug 4279] New: When I try to start vpnc the net/core/skbuff.c:91 crash, David S. Miller
Indexes:  [Date] [Thread] [Top] [All Lists]