Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 4 Mar 2010 18:07:38 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request - kernel: ip6_dst_lookup_tail() NULL
 pointer dereference


----- "Eugene Teo" <eugene@...hat.com> wrote:

> ipv6: Fix OOPS in ip6_dst_lookup_tail().
> 
> This fixes kernel bugzilla 11469: "TUN with 1024 neighbours:
> ip6_dst_lookup_tail NULL crash"
> 
> dst->neighbour is not necessarily hooked up at this point in the 
> processing path, so blindly dereferencing it is the wrong thing to do.
> 
> This NULL check exists in other similar paths and this case was just
> an 
> oversight.
> 
> Also fix the completely wrong and confusing indentation here while
> we're 
> at it.
> 
> References:
> http://bugzilla.kernel.org/show_bug.cgi?id=11469
> https://bugzilla.redhat.com/show_bug.cgi?id=563781
> 
> Upstream patch:
> http://git.kernel.org/linus/e550dfb0c2c31b6363aa463a035fc9f8dcaa3c9b
> 

Please use CVE-2010-0437 for this.

Thanks.


-- 
    JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ