Date: Thu, 4 Mar 2010 18:07:38 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request - kernel: ip6_dst_lookup_tail() NULL pointer dereference

----- "Eugene Teo" <eugene@...hat.com> wrote:

> ipv6: Fix OOPS in ip6_dst_lookup_tail().
>
> This fixes kernel bugzilla 11469: "TUN with 1024 neighbours:
> ip6_dst_lookup_tail NULL crash"
>
> dst->neighbour is not necessarily hooked up at this point in the
> processing path, so blindly dereferencing it is the wrong thing to do.
>
> This NULL check exists in other similar paths and this case was just an
> oversight.
>
> Also fix the completely wrong and confusing indentation here while we're
> at it.
>
> References:
> http://bugzilla.kernel.org/show_bug.cgi?id=11469
> https://bugzilla.redhat.com/show_bug.cgi?id=563781
>
> Upstream patch:
> http://git.kernel.org/linus/e550dfb0c2c31b6363aa463a035fc9f8dcaa3c9b
>

Please use CVE-2010-0437 for this.

Thanks.

--
JB