Google Git
Sign in
kernel / pub / scm / linux / kernel / git / stable / stable-queue / 596ceabe8ecd2a4ef350d03f53e70790892d8d15 / . / releases / 2.6.32.23 / bridge-clear-ipcb-before-possible-entry-into-ip-stack.patch
blob: 297ddb19ce62f14219b5e0d39efe4ac264cbb424 [file] [log] [blame]
From 7562ef435a00b50b3764b137b22eb2e883289ea3 Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Mon, 5 Jul 2010 21:29:28 +0000
Subject: bridge: Clear IPCB before possible entry into IP stack
From: Herbert Xu <herbert@gondor.apana.org.au>
[ Upstream commit 17762060c25590bfddd68cc1131f28ec720f405f ]
The bridge protocol lives dangerously by having incestuous relations
with the IP stack. In this instance an abomination has been created
where a bogus IPCB area from a bridged packet leads to a crash in
the IP stack because it's interpreted as IP options.
This patch papers over the problem by clearing the IPCB area in that
particular spot. To fix this properly we'd also need to parse any
IP options if present but I'm way too lazy for that.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/bridge/br_netfilter.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -600,6 +600,9 @@ static unsigned int br_nf_pre_routing(un
pskb_trim_rcsum(skb, len);
+ /* BUG: Should really parse the IP options here. */
+ memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
+
nf_bridge_put(skb->nf_bridge);
if (!nf_bridge_alloc(skb))
return NF_DROP;