[PATCH 59/61] IPV6: fix lockup via /proc/net/ip6_flowlabel [CVE-2006-5619]

-stable review patch.  If anyone has any objections, please let us know.
------------------

From: James Morris <[email protected]>

There's a bug in the seqfile handling for /proc/net/ip6_flowlabel, where, 
after finding a flowlabel, the code will loop forever not finding any 
further flowlabels, first traversing the rest of the hash bucket then just 
looping.

This patch fixes the problem by breaking after the hash bucket has been 
traversed.

Note that this bug can cause lockups and oopses, and is trivially invoked 
by an unprivileged user.

Signed-off-by: James Morris <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
---
 net/ipv6/ip6_flowlabel.c |    2 ++
 1 file changed, 2 insertions(+)

--- linux-2.6.18.1.orig/net/ipv6/ip6_flowlabel.c
+++ linux-2.6.18.1/net/ipv6/ip6_flowlabel.c
@@ -587,6 +587,8 @@ static struct ip6_flowlabel *ip6fl_get_n
 	while (!fl) {
 		if (++state->bucket <= FL_HASH_MASK)
 			fl = fl_ht[state->bucket];
+		else
+			break;
 	}
 	return fl;
 }
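
Review bot: In the `while (!fl)` loop, termination now hinges on an `else break;` buried in the body, so the bound on the hash table walk is easy to miss; consider folding it into the loop condition, e.g. `while (!fl && ++state->bucket <= FL_HASH_MASK)` with `fl = fl_ht[state->bucket];` as the body, which behaves the same and puts the exit condition in the header. When the loop exits through the new `break`, `state->bucket` is left one past `FL_HASH_MASK`, so any later use of it as an index into `fl_ht` needs the same bound check, and a one-line comment stating that a NULL return here means the end of the table has been reached would document the contract for callers.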
