diff options
author | David Ford <david@blue-labs.org> | 2009-11-29 23:02:22 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-11-29 23:02:22 -0800 |
commit | bbf31bf18d34caa87dd01f08bf713635593697f2 (patch) | |
tree | 715a876da3cd826c701c7b22c8c4add9cf99dba2 | |
parent | 98468efddb101f8a29af974101c17ba513b07be1 (diff) | |
download | linux-bbf31bf18d34caa87dd01f08bf713635593697f2.tar.gz linux-bbf31bf18d34caa87dd01f08bf713635593697f2.tar.bz2 linux-bbf31bf18d34caa87dd01f08bf713635593697f2.zip |
ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c, NULL ptr OOPS
ipv4 ip_frag_reasm(), fully replace 'dev_net(dev)' with 'net', defined
previously patched into 2.6.29.
Between 2.6.28.10 and 2.6.29, net/ipv4/ip_fragment.c was patched,
changing from dev_net(dev) to container_of(...). Unfortunately the goto
section (out_fail) on oversized packets inside ip_frag_reasm() didn't
get touched up as well. Oversized IP packets cause a NULL pointer
dereference and immediate hang.
I discovered this running openvasd and my previous email on this is
titled: NULL pointer dereference at 2.6.32-rc8:net/ipv4/ip_fragment.c:566
Signed-off-by: David Ford <david@blue-labs.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/ip_fragment.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 575f9bd51ccd..d3fe10be7219 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -563,7 +563,7 @@ out_oversize: printk(KERN_INFO "Oversized IP packet from %pI4.\n", &qp->saddr); out_fail: - IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_REASMFAILS); + IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS); return err; } |