Re: [5/9] [TUN] Fix check for underflow
From: Patrick McHardy
Date: Wed Mar 16 2005 - 19:24:33 EST
Chris Wright wrote:
-stable review patch. If anyone has any objections, please let us know.
I agree to both patches and additionally propose this one.
It fixes a crash when reading /proc/net/route (netstat -rn)
while routes are changed. I've seen two bugreports of users
beeing hit by this bug, one for 2.6.10, one for 2.6.11.
Regards
Patrick
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2005/03/10 18:20:44-08:00 kaber@xxxxxxxxx
# [IPV4]: Fix crash while reading /proc/net/route caused by stale pointers
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
# Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
#
# net/ipv4/fib_hash.c
# 2005/03/10 18:20:30-08:00 kaber@xxxxxxxxx +11 -1
# [IPV4]: Fix crash while reading /proc/net/route caused by stale pointers
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
# Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
#
diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c
--- a/net/ipv4/fib_hash.c 2005-03-17 00:58:42 +01:00
+++ b/net/ipv4/fib_hash.c 2005-03-17 00:58:42 +01:00
@@ -919,13 +919,23 @@
return fa;
}
+static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos)
+{
+ struct fib_alias *fa = fib_get_first(seq);
+
+ if (fa)
+ while (pos && (fa = fib_get_next(seq)))
+ --pos;
+ return pos ? NULL : fa;
+}
+
static void *fib_seq_start(struct seq_file *seq, loff_t *pos)
{
void *v = NULL;
read_lock(&fib_hash_lock);
if (ip_fib_main_table)
- v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN;
+ v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
return v;
}