netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ipmr_get_route()

from [David S. Miller] [Permanent Link][Original]
To: netdev@xxxxxxxxxxx
Subject: ipmr_get_route()
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
Date: Mon, 30 Aug 2004 17:14:36 -0700
Sender: netdev-bounce@xxxxxxxxxxx 
This is very broken.

It gets called only by rt_fill_info() to get multicast routing
information from ipmr.c, the skb it passes in is the rtnetlink
message.

But look at what ipmr_get_route() actually does.  If the cache
entry cannot be found, it tries to build an IPV4 packet using
this packet to resolve the missing cache entry!

I think we don't crash here only because most of the time the
user has not specified an explicit input interface in the route
lookup request, and therefore skb->dev is NULL when ipmr_get_route()
takes a look at it.

Nevertheless things are seriously busted here.  Any takers to
fix this thing up? :-)
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • ipmr_get_route(), David S. Miller <=
Previous by Date:  Re: [PATCH] Allow setting dev->weight using ip(8), David S. Miller
Next by Date:  Re: [PATCH] Improve behaviour of Netlink Sockets, David S. Miller
Previous by Thread:  [PATCH 2.6.9-rc1-mm1 1/1] r8169: DAC support fix, Francois Romieu
Next by Thread:  [PATCH] Fix CONFIG_COMPAT with !CONFIG_NET, Andi Kleen
Indexes:  [Date] [Thread] [Top] [All Lists]