[PATCH] [IPSEC] Avoid null pointer dereference in xfrm4_rcv_encap

From: Dave Kleikamp
Date: Wed Apr 05 2006 - 11:01:00 EST

Next message: Stephen Smalley: "Re: [RFC] packet/socket owner match (fireflier) using skfilter"
Previous message: Dmitry Torokhov: "Re: patch bus_add_device-losing-an-error-return-from-the-probe-method.patch added to gregkh-2.6 tree"
Next in thread: Dave Kleikamp: "Re: [PATCH] [IPSEC] Avoid null pointer dereference inxfrm4_rcv_encap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm getting a panic that I've traced back to this changeset:
http://www.kernel.org/git/gitweb.cgi?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e695633e21ffb6a443a8c2f8b3f095c7f1a48eb0

xfrm4_rcv_encap dereferences x->encap without testing it for null.

Signed-off-by: Dave Kleikamp <shaggy@xxxxxxxxxxxxxx>
--- linux-2.6.17-rc1-mm1/net/ipv4/xfrm4_input.c.orig 2006-04-04
07:37:23.444068000 -0500
+++ linux-2.6.17-rc1-mm1/net/ipv4/xfrm4_input.c 2006-04-05
09:01:08.798510500 -0500
@@ -90,7 +90,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb,
if (unlikely(x->km.state != XFRM_STATE_VALID))
goto drop_unlock;

- if (x->encap->encap_type != encap_type)
+ if (x->encap && (x->encap->encap_type != encap_type))
goto drop_unlock;

if (x->props.replay_window && xfrm_replay_check(x, seq))

--
David Kleikamp
IBM Linux Technology Center

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Smalley: "Re: [RFC] packet/socket owner match (fireflier) using skfilter"
Previous message: Dmitry Torokhov: "Re: patch bus_add_device-losing-an-error-return-from-the-probe-method.patch added to gregkh-2.6 tree"
Next in thread: Dave Kleikamp: "Re: [PATCH] [IPSEC] Avoid null pointer dereference inxfrm4_rcv_encap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]