Re: [PATCH] Kernel oops in ip6t_LOG.c:ip6

netdev

Re: [PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr

To:	okir@xxxxxxx, netdev@xxxxxxxxxxx
Subject:	Re: [PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr
From:	YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@xxxxxxxxxx>
Date:	Thu, 26 Aug 2004 20:56:45 +0900 (JST)
Cc:	netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<20040826113538.GE15409@suse.de>
References:	<20040826113538.GE15409@suse.de>
Sender:	netdev-bounce@xxxxxxxxxxx

In article <20040826113538.GE15409@xxxxxxx> (at Thu, 26 Aug 2004 13:35:39 
+0200), Olaf Kirch <okir@xxxxxxx> says:

>                         hdrlen = *hdrptr[1] * 8 + 8;
>                                ^^^^^^^^^^ it dies here
>                         *hdrptr = *hdrptr + hdrlen;
>                         break;
> 
> hdrptr is a u_int8_t **. What you really want to do here is
> look at (*hdrptr)[1], but what the expression does is look at
> *(hdrptr[1]). Unfortunately, hdrptr[1] is usually random garbage.

Agreed. Same bug also lives in 2.4.x.

--yoshfuji

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr, Olaf Kirch Re: [PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr, YOSHIFUJI Hideaki / 吉藤英明 <= Re: [PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr, David S. Miller

Previous by Date:	[PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr, Olaf Kirch
Next by Date:	Re: [PATCH 2.6] (1/4) netem - update API for new features, jamal
Previous by Thread:	[PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr, Olaf Kirch
Next by Thread:	Re: [PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr, David S. Miller
Indexes:	[Date] [Thread] [Top] [All Lists]