linux/net
Antonio Quartulli 2c995ff892 batman-adv: fix skb->data assignment
skb_linearize(skb) possibly rearranges the skb internal data and then changes
the skb->data pointer value. For this reason any other pointer in the code that
was assigned skb->data before invoking skb_linearise(skb) must be re-assigned.

In the current tt_query message handling code this is not done and therefore, in
case of skb linearization, the pointer used to handle the packet header ends up
in pointing to free'd memory.

This bug was introduced by a73105b8d4
(batman-adv: improved client announcement mechanism)

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-06-19 14:49:08 -07:00
..
9p Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-05-21 20:20:23 -07:00
802 tokenring: delete all remaining driver support 2012-05-15 20:23:16 -04:00
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-16 22:17:37 -04:00
appletalk appletalk: Remove out of date message in printk 2012-06-07 13:11:59 -07:00
atm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-05-22 19:22:50 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-23 23:15:17 -04:00
batman-adv batman-adv: fix skb->data assignment 2012-06-19 14:49:08 -07:00
bluetooth Bluetooth: Add support for encryption key refresh 2012-06-08 21:00:40 -03:00
bridge ipv6: correct the ipv6 option name - Pad0 to Pad1 2012-05-17 15:49:51 -04:00
caif net: remove my future former mail address 2012-06-17 16:29:38 -07:00
can net: remove skb_orphan_try() 2012-06-15 15:30:15 -07:00
ceph Merge git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-05-30 11:17:19 -07:00
core net: remove skb_orphan_try() 2012-06-15 15:30:15 -07:00
dcb net: dcb: add CEE notify calls 2012-04-25 19:47:17 -04:00
dccp net: include/net/sock.h cleanup 2012-05-17 04:50:21 -04:00
decnet net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
dns_resolver Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-05-21 20:27:36 -07:00
dsa dsa: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:19 -04:00
ethernet net, drivers/net: Convert compare_ether_addr_64bits to ether_addr_equal_64bits 2012-05-10 23:33:01 -04:00
ieee802154 ieee802154: interface type to be added 2012-05-16 15:17:08 -04:00
ipv4 snmp: fix OutOctets counter to include forwarded datagrams 2012-06-07 14:50:56 -07:00
ipv6 ipv6: Move ipv6 proc file registration to end of init order 2012-06-18 18:38:50 -07:00
ipx ipx: Remove spurious NULL checking in ipx_ioctl(). 2012-05-19 00:51:04 -04:00
irda net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
iucv net: remove skb_orphan_try() 2012-06-15 15:30:15 -07:00
key net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
l2tp l2tp: fix a race in l2tp_ip_sendmsg() 2012-06-08 14:30:51 -07:00
lapb lapb: Neaten debugging 2012-05-17 18:45:20 -04:00
llc net: include/net/sock.h cleanup 2012-05-17 04:50:21 -04:00
mac80211 mac80211: stop polling in disassociation 2012-06-13 10:17:55 +02:00
mac802154 mac802154: monitor device support 2012-05-16 15:17:08 -04:00
netfilter netfilter: nf_ct_h323: fix bug in rtcp natting 2012-06-07 14:53:17 +02:00
netlabel netlabel: use GFP flags from caller instead of GFP_ATOMIC 2012-03-22 19:29:57 -04:00
netlink genetlink: Build a generic netlink family module alias 2012-05-29 22:33:56 -04:00
netrom net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nfc NFC: Fix possible NULL ptr deref when getting the name of a socket 2012-06-08 13:47:07 -04:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-16 22:17:37 -04:00
packet af_packet: packet_getsockopt() cleanup 2012-04-21 16:36:42 -04:00
phonet net: remove my future former mail address 2012-06-17 16:29:38 -07:00
rds rds_rdma: don't assume infiniband device is PCI 2012-05-29 17:30:07 -04:00
rfkill
rose net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
rxrpc net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
sched sch_atm.c: get rid of poinless extern 2012-06-01 10:37:18 -04:00
sctp sctp: fix warning when compiling without IPv6 2012-06-19 00:26:26 -07:00
sunrpc Merge branch 'for-3.5' of git://linux-nfs.org/~bfields/linux 2012-06-01 08:32:58 -07:00
tipc tipc: compress out gratuitous extra carriage returns 2012-04-30 15:53:56 -04:00
unix net: sock_diag_handler structs can be const 2012-04-25 20:46:59 -04:00
wanrouter net/wanrouter: Deprecate and schedule for removal 2012-05-24 16:22:53 -04:00
wimax net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
wireless cfg80211: fix potential deadlock in regulatory 2012-06-13 10:17:53 +02:00
x25 net: add a limit parameter to sk_add_backlog() 2012-04-23 22:28:28 -04:00
xfrm ipv6: fix incorrect ipsec fragment 2012-05-27 01:11:22 -04:00
compat.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-05-21 20:27:36 -07:00
Kconfig net: drop NET dependency from HAVE_BPF_JIT 2012-05-21 12:50:12 -07:00
Makefile econet: remove ancient bug ridden protocol 2012-05-18 01:35:08 -04:00
nonet.c
socket.c Merge branch 'for-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2012-05-22 17:37:47 -07:00
sysctl_net.c net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00