[PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr

To: netfilter-devel@xxxxxxxxxxxxxxxxxxx
Subject: [PATCH] Kernel oops in ip6t_LOG.c:ip6_nexthdr
From: Olaf Kirch <okir@xxxxxxx>
Date: Thu, 26 Aug 2004 13:35:39 +0200
Cc: netdev@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6i

Hi,

We just ran into a kernel oops after enabling ipv6 packet filtering.
The machine would choke on the IGMPv6 packets sent out when the
interface is taken up. The reason is this code:

                /*stupid rfc2402 */
                case IPPROTO_DSTOPTS:
                case IPPROTO_ROUTING:
                case IPPROTO_HOPOPTS:
                        nexthdr = **hdrptr;
                        hdrlen = *hdrptr[1] * 8 + 8;
                                 ^^^^^^^^^^ it dies here
                        *hdrptr = *hdrptr + hdrlen;
                        break;

hdrptr is a u_int8_t **. What you really want to do here is
look at (*hdrptr)[1], but what the expression does is look at
*(hdrptr[1]). Unfortunately, hdrptr[1] is usually random garbage.

The attached patch fixes this.

Olaf
-- 
Olaf Kirch     |  The Hardware Gods hate me.
okir@xxxxxxx   |
---------------+ 

Attachment: netfilter6-logging
Description: Text document
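
The precedence error described in the message above, as an added example that is not part of the original post or of the attached patch: a user-space walker over the three header types from the quoted switch, using (*hdrptr)[1], run on a constructed hop-by-hop header. The names skip_ext_hdr, upper_proto, parses_differ and sample are assumptions made for illustration, and the length checks go beyond the fix the message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Step over one hop-by-hop/routing/destination-options header.
 * Returns its next-header value, or -1 if it runs past 'end'. */
static int skip_ext_hdr(const uint8_t **hdrptr, const uint8_t *end)
{
    size_t left = (size_t)(end - *hdrptr), hdrlen;
    int nexthdr;

    if (left < 8)                       /* shortest extension header */
        return -1;
    /* (*hdrptr)[1] is byte 1 of the header. *hdrptr[1] parses as
     * *(hdrptr[1]): it dereferences the pointer slot after *hdrptr. */
    hdrlen = (size_t)(*hdrptr)[1] * 8 + 8;
    if (left < hdrlen)
        return -1;
    nexthdr = (*hdrptr)[0];
    *hdrptr += hdrlen;
    return nexthdr;
}

/* Walk the chain; returns the upper-layer protocol, or -1 if truncated. */
static int upper_proto(const uint8_t *p, size_t len, int nexthdr)
{
    const uint8_t *end = p + len;
    while (nexthdr == 0 || nexthdr == 43 || nexthdr == 60) /* HOPOPTS, ROUTING, DSTOPTS */
        if ((nexthdr = skip_ext_hdr(&p, end)) < 0)
            return -1;
    return nexthdr;
}

/* Constructed sample: hop-by-hop header (next = 58 ICMPv6, len = 0,
 * router alert + PadN), then 4 bytes standing in for the ICMPv6 message. */
static const uint8_t sample[] = { 58, 0, 5, 2, 0, 0, 1, 0,  131, 0, 0, 0 };

/* With two valid pointer slots, both parses can be evaluated safely. */
static int parses_differ(void)
{
    uint8_t a[2] = { 1, 2 }, b[2] = { 3, 4 };
    uint8_t *slots[2] = { a, b }, **hdrptr = slots;
    return *hdrptr[1] == 3 && (*hdrptr)[1] == 2;
}

int main(void)
{
    printf("upper=%d truncated=%d differ=%d\n", upper_proto(sample, sizeof sample, 0), upper_proto(sample, 6, 0), parses_differ());
    return 0;
}
```

In parses_differ the second slot exists only because the example builds it; when hdrptr is the address of a single pointer variable, hdrptr[1] is whatever happens to sit next to it in memory.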
