From: Jiri Pirko <jpirko@redhat.com> Date: Thu, 17 Sep 2009 14:39:59 +0200 Subject: [net] ipv4: ip_append_data handle NULL routing table Message-id: 20090917123958.GB4973@psychotron.redhat.com O-Subject: [RHEL5.5 patch] BZ520297 net: ipv4: make ip_append_data() handle NULL routing table Bugzilla: 520297 RH-Acked-by: Jiri Olsa <jolsa@redhat.com> RH-Acked-by: Dean Nelson <dnelson@redhat.com> RH-Acked-by: Neil Horman <nhorman@redhat.com> RH-Acked-by: David Miller <davem@redhat.com> BZ520297 https://bugzilla.redhat.com/show_bug.cgi?id=520297 Description: Add a check in ip_append_data() for NULL rt to prevent future bugs in callers from being exploitable. Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=788d908f2879a17e5f80924f3da2e23f1034482d Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=1988626 Jirka Signed-off-by: Jiri Pirko <jpirko@redhat.com> diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index d744b2b..59cfa24 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -813,6 +813,8 @@ int ip_append_data(struct sock *sk, inet->cork.flags |= IPCORK_OPT; inet->cork.addr = ipc->addr; } + if (unlikely(!rt)) + return -EFAULT; dst_hold(&rt->u.dst); inet->cork.fragsize = mtu = dst_mtu(rt->u.dst.path); inet->cork.rt = rt;
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
27922b4260f65d317aabda37e42bbbff
>
files
>
2757
