kernel-2.6.18-238.el5.src.rpm

From: David S. Miller <davem@redhat.com>
Subject: [RHEL5 2/2]: IPV6 security holes in ipv6_sockglue.c
Date: Tue, 13 Mar 2007 17:30:50 -0400 (EDT)
Bugzilla: 231517
Message-Id: <20070313.173050.75871258.davem@redhat.com>
Changelog: [net] IPV6 security holes in ipv6_sockglue.c - 2



Via the kernel.org bugzilla entry, Olaf Kirch wrote a fix
for another 'opt' blind dereference in this code.  This
OOPS is triggerable via a 4 line test program.

Please ACK.

commit dfee0a725bb027b749ffdd318eb48b91d564b266

[IPV6]: Fix for ipv6_setsockopt NULL dereference

I came across this bug in http://bugzilla.kernel.org/show_bug.cgi?id=8155

Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -408,7 +408,7 @@
 		}
 
 		/* routing header option needs extra check */
-		if (optname == IPV6_RTHDR && opt->srcrt) {
+		if (optname == IPV6_RTHDR && opt && opt->srcrt) {
 			struct ipv6_rt_hdr *rthdr = opt->srcrt;
 			if (rthdr->type)
 				goto sticky_done;
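
Review bot: the new `opt &&` guard in the `optname == IPV6_RTHDR` condition is not explained anywhere in the commit message, which only links the bugzilla entry and does not say under which circumstances `opt` is NULL at this point. A one-sentence description of that case in the changelog would let a reader verify the fix without following the link. The guard also protects only this one condition: the code reached through `goto sticky_done` and the lines after this block are outside the visible context, so please confirm that any further use of `opt` there tolerates NULL as well.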