netdev

Re: linux-2.6.7 Equalizer Load-balancer. eql.c. local non-privileged Do

To: vitalyvb@xxxxxxx (Vitaly V. Bursov)
Subject: Re: linux-2.6.7 Equalizer Load-balancer. eql.c. local non-privileged DoS
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Fri, 18 Jun 2004 21:35:42 +1000
Cc: linux-kernel@xxxxxxxxxxxxxxx, alan@xxxxxxxxxx, davem@xxxxxxxxxx, jgarzik@xxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20040618115153.3ad2dc32.vitalyvb@ukr.net>
Organization: Core
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.25-1-686-smp (i686))

Vitaly V. Bursov <vitalyvb@xxxxxxx> wrote:
> 
> there are multiple vulns in drivers/net/eql.c
> 
> if there is no such device, dev_get_by_name returns NULL and everything dies.
> Exploiting this is trivial.

Thanks for the report.  This patch should fix them.

Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email:  Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
===== drivers/net/eql.c 1.13 vs edited =====
--- 1.13/drivers/net/eql.c      2004-06-05 01:50:36 +10:00
+++ edited/drivers/net/eql.c    2004-06-18 21:30:49 +10:00
@@ -497,6 +497,8 @@
        slave_dev = dev_get_by_name(sc.slave_name);
 
        ret = -EINVAL;
+       if (!slave_dev)
+               return ret;
 
        spin_lock_bh(&eql->queue.lock);
        if (eql_is_slave(slave_dev)) {
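
Review bot: the early `return ret;` under `if (!slave_dev)` reports -EINVAL for a slave name that does not resolve to a device; -ENODEV would tell the caller more precisely what failed, if existing users of this ioctl do not depend on the current value. The placement itself is right: the check sits before spin_lock_bh(&eql->queue.lock), so the early return leaves no lock held, and before eql_is_slave(slave_dev), the first use of the pointer shown here.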
@@ -531,6 +533,8 @@
        slave_dev = dev_get_by_name(sc.slave_name);
 
        ret = -EINVAL;
+       if (!slave_dev)
+               return ret;
 
        spin_lock_bh(&eql->queue.lock);
        if (eql_is_slave(slave_dev)) {
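
Review bot: the NULL check before spin_lock_bh here is a verbatim copy of the one in the hunk at -497, following an identical dev_get_by_name(sc.slave_name) / `ret = -EINVAL;` sequence; a small shared lookup helper that returns an error when the name does not resolve would keep the two paths from drifting apart. The report speaks of multiple problems in drivers/net/eql.c, so the commit message should state which dev_get_by_name call sites this patch covers and that any others in the file were checked.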
