| To: | Krishna Kumar <krkumar@xxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH] Uninitialized dst in ip6_dst_lookup |
| From: | "David S. Miller" <davem@xxxxxxxxxx> |
| Date: | Wed, 21 Jan 2004 22:14:21 -0800 |
| Cc: | netdev@xxxxxxxxxxx, krkumar@xxxxxxxxxx |
| In-reply-to: | <Pine.LNX.4.44.0401201115500.23508-100000@linux-udp15191261uds.beaverton.ibm.com> |
| References: | <20040119211156.4bff1640.davem@redhat.com> <Pine.LNX.4.44.0401201115500.23508-100000@linux-udp15191261uds.beaverton.ibm.com> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
On Tue, 20 Jan 2004 11:46:02 -0800 (PST) Krishna Kumar <krkumar@xxxxxxxxxx> wrote: > ip6_dst_lookup() is supposed to fill in the *dst, hence it must not > dereference *dst until it allocates it. However if the passed sk is > NULL and *dst is not set by the caller, the following code will > dereference uninitialized memory : > > if (*dst == NULL) > *dst = ip6_route_output(sk, fl); >>>>> will not execute > if ((err = (*dst)->error)) >>>>> dereference bad stack address. > goto out_err_release; > > I am suggesting moving the responsibility of ensuring a good *dst from the > callers to ip6_dst_lookup(). I agree, patch applied. Thanks. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH] IPV6: add missing sentinel for addrconf procfs, David S. Miller |
|---|---|
| Next by Date: | Re: [PATCH][ATM]: [horizon] avoid warning about limited range of data type, David S. Miller |
| Previous by Thread: | [PATCH] Uninitialized dst in ip6_dst_lookup, Krishna Kumar |
| Next by Thread: | [PATCH 2.6.1] Net device error logging, Jim Keniston |
| Indexes: | [Date] [Thread] [Top] [All Lists] |