linux/net/core
Amerigo Wang dd81262194 pktgen: fix crash when generating IPv6 packets
commit 5aa8b57200 upstream.

For IPv6, sizeof(struct ipv6hdr) = 40, thus the following
expression will yield a negative result:

        datalen = pkt_dev->cur_pkt_size - 14 -
                  sizeof(struct ipv6hdr) - sizeof(struct udphdr) -
                  pkt_dev->pkt_overhead;

And, the check "if (datalen < sizeof(struct pktgen_hdr))" will be
passed as "datalen" is promoted to unsigned, and will therefore cause
a crash later.

This is a quick fix by checking if "datalen" is negative. The following
patch will increase the default value of 'min_pkt_size' for IPv6.

This bug should exist for a long time, so Cc -stable too.

Signed-off-by: Cong Wang <amwang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-10-21 09:17:11 -07:00
datagram.c Fix a typo in datagram.c and sctp/socket.c. 2010-12-06 13:10:11 -08:00
dev_addr_lists.c net,rcu: convert call_rcu(ha_rcu_free) to kfree_rcu() 2011-05-07 22:50:52 -07:00
dev.c net: do not disable sg for packets requiring no checksum 2012-10-13 05:28:08 +09:00
drop_monitor.c drop_monitor: dont sleep in atomic context 2012-10-02 09:47:42 -07:00
dst.c net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
ethtool.c ethtool: allow ETHTOOL_GSSET_INFO for users 2012-07-16 08:47:37 -07:00
fib_rules.c fib:fix BUG_ON in fib_nl_newrule when add new fib rule 2011-10-03 11:40:51 -07:00
filter.c bug.h: Move ratelimit warn interfaces to ratelimit.h 2011-05-26 15:00:31 -04:00
flow.c net: Handle different key sizes between address families in flow cache 2011-11-11 09:37:17 -08:00
gen_estimator.c net,rcu: convert call_rcu(__gen_kill_estimator) to kfree_rcu() 2011-05-07 22:50:57 -07:00
gen_stats.c net/core: EXPORT_SYMBOL cleanups 2010-07-12 12:57:55 -07:00
iovec.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
kmap_skb.h
link_watch.c net: allow netif_carrier to be called safely from IRQ 2011-08-15 18:31:39 -07:00
Makefile net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
neighbour.c neighbour: Fixed race condition at tbl->nht 2012-03-19 08:57:45 -07:00
net_namespace.c net: Statically initialize init_net.dev_base_head 2012-10-02 09:47:41 -07:00
net-sysfs.c Delay struct net freeing while there's a sysfs instance refering to it 2011-06-12 17:45:41 -04:00
net-sysfs.h xps: Add CONFIG_XPS 2010-11-28 18:24:14 -08:00
net-traces.c netdev: Add tracepoints to netdev layer 2010-09-07 17:51:33 +02:00
netevent.c net/core: EXPORT_SYMBOL cleanups 2010-07-12 12:57:55 -07:00
netpoll.c netpoll: fix netpoll_send_udp() bugs 2012-07-16 08:47:38 -07:00
pktgen.c pktgen: fix crash when generating IPv6 packets 2012-10-21 09:17:11 -07:00
request_sock.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
rtnetlink.c net: feed /dev/random with the MAC address when registering a device 2012-08-15 12:04:13 -07:00
scm.c scm: Capture the full credentials of the scm sender 2011-10-03 11:40:54 -07:00
secure_seq.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
skbuff.c net: fix a race in sock_queue_err_skb() 2012-04-27 09:51:19 -07:00
sock.c net: guard tcp_set_keepalive() to tcp sockets 2012-10-13 05:28:07 +09:00
stream.c net: Fix the condition passed to sk_wait_event() 2010-10-03 20:41:32 -07:00
sysctl_net_core.c net: Kill ratelimit.h dependency in linux/net.h 2011-05-27 13:41:33 -04:00
timestamping.c net: hold sock reference while processing tx timestamps 2011-11-11 09:35:52 -08:00
user_dma.c net/core/user_dma.c: Use frag list abstraction interfaces. 2009-06-09 00:19:10 -07:00
utils.c net: Kill ratelimit.h dependency in linux/net.h 2011-05-27 13:41:33 -04:00