FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-01-02 07:11:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
28518fc170
linux/net
History
Pavel Emelyanov 28518fc170 [NET]: NULL pointer dereference and other nasty things in /proc/net/(tcp|udp)[6] 
Commits f40c81 ([NETNS][IPV4] tcp - make proc handle the network
namespaces) and a91275 ([NETNS][IPV6] udp - make proc handle the
network namespace) both introduced bad checks on sockets and tw
buckets to belong to proper net namespace.

I.e. when checking for socket to belong to given net and family the

	do {
		sk = sk_next(sk);
	} while (sk && sk->sk_net != net && sk->sk_family != family);

constructions were used. This is wrong, since as soon as the
sk->sk_net fits the net the socket is immediately returned, even if it
belongs to other family.

As the result four /proc/net/(udp|tcp)[6] entries show wrong info.
The udp6 entry even oopses when dereferencing inet6_sk(sk) pointer:

static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket)
{
	...
        struct ipv6_pinfo *np = inet6_sk(sp);
	...

        dest  = &np->daddr; /* will be NULL for AF_INET sockets */
	...
	seq_printf(...
	           dest->s6_addr32[0], dest->s6_addr32[1],
                   dest->s6_addr32[2], dest->s6_addr32[3],
	...

Fix it by converting && to ||.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-03-21 15:52:00 -07:00
..
9p net: replace remaining __FUNCTION__ occurrences 2008-03-05 20:47:47 -08:00
802 [TR] net/802/tr.c: sysctl_tr_rif_timeout static 2008-01-31 19:28:31 -08:00
8021q Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-18 00:37:55 -07:00
appletalk [ATALK/DECNET]: Use seq_open_private in appletalk and decnet. 2008-02-29 11:38:24 -08:00
atm [ATM]: Use seq_open/release_privade instead of manual manipulations. 2008-02-29 11:37:02 -08:00
ax25 [AX25] ax25_out: check skb for NULL in ax25_kick() 2008-02-17 22:31:19 -08:00
bluetooth bluetooth: make bnep_sock_cleanup() return void 2008-03-05 18:47:40 -08:00
bridge Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-21 03:42:24 -07:00
can [CAN]: Minor clean-ups 2008-02-07 18:05:04 -08:00
core [NET]: Add per-connection option to set max TSO frame size 2008-03-21 03:43:19 -07:00
dccp net: replace remaining __FUNCTION__ occurrences 2008-03-05 20:47:47 -08:00
decnet [ATALK/DECNET]: Use seq_open_private in appletalk and decnet. 2008-02-29 11:38:24 -08:00
econet [NET]: Convert init_timer into setup_timer 2008-01-28 14:53:35 -08:00
ethernet [ETH]: Combine format_addr() with print_mac(). 2008-01-28 15:00:05 -08:00
ieee80211 the scheduled ieee80211 softmac removal 2008-03-13 16:02:31 -04:00
ipv4 [NET]: NULL pointer dereference and other nasty things in /proc/net/(tcp|udp)[6] 2008-03-21 15:52:00 -07:00
ipv6 [NETNS][IPV6] tcp6 - make proc per namespace 2008-03-21 04:14:45 -07:00
ipx [IPX]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:06:14 -08:00
irda net: replace remaining __FUNCTION__ occurrences 2008-03-05 20:47:47 -08:00
iucv iucv: fix build error on !SMP 2008-03-03 12:12:33 -08:00
key [AF_KEY]: Dump SA/SP entries non-atomically 2008-03-03 23:40:12 -08:00
lapb [LAPB] net/lapb/lapb_iface.c: use LIST_HEAD instead of LIST_HEAD_INIT 2008-01-28 14:56:52 -08:00
llc net: replace remaining __FUNCTION__ occurrences 2008-03-05 20:47:47 -08:00
mac80211 the scheduled rc80211-simple.c removal 2008-03-13 16:02:31 -04:00
netfilter Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-21 03:42:24 -07:00
netlabel [NETLABEL]: Move some initialization code into __init section. 2008-02-17 22:33:57 -08:00
netlink netlink: make socket filters work on netlink 2008-03-21 15:46:12 -07:00
netrom [NET]: Simple ctl_table to ctl_path conversions. 2008-01-28 15:01:07 -08:00
packet [PACKET]: Fix sparse warnings in af_packet.c 2008-01-28 15:00:48 -08:00
rfkill PM: Introduce PM_EVENT_HIBERNATE callback state 2008-02-23 10:40:04 -08:00
rose [ROSE]: Supress sparse warnings 2008-01-28 15:02:44 -08:00
rxrpc Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-18 00:37:55 -07:00
sched Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-18 00:37:55 -07:00
sctp Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-21 03:42:24 -07:00
sunrpc Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-18 00:37:55 -07:00
tipc [TIPC]: Update version to 1.6.3 2008-03-06 15:08:40 -08:00
unix net: replace remaining __FUNCTION__ occurrences 2008-03-05 20:47:47 -08:00
wanrouter [WANROUTER]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:15:56 -08:00
wireless nl80211/cfg80211: support for mesh, sta dumping 2008-03-06 15:30:41 -05:00
x25 [X25]: Use proc_create() to setup ->proc_fops first 2008-02-28 14:16:33 -08:00
xfrm [XFRM]: Speed up xfrm_policy and xfrm_state walking 2008-02-28 21:31:08 -08:00
compat.c [NETFILTER]: ip6_tables: add compat support 2008-01-28 14:58:36 -08:00
Kconfig [IPV4]: Fix size description of CONFIG_INET. 2008-03-04 15:18:22 +09:00
Makefile [CAN]: Add PF_CAN core module 2008-01-28 14:54:10 -08:00
nonet.c
socket.c [NET]: Make sure sockets implement splice_read 2008-02-15 02:35:45 -08:00
sysctl_net.c [NET]: Remove the empty net_table 2008-01-28 14:56:29 -08:00
TUNABLE