Re: linux-2.6.7 Equalizer Load-balancer. eql.c. local non-privileged DoS
From: Herbert Xu
Date: Fri Jun 18 2004 - 06:37:33 EST
Vitaly V. Bursov <vitalyvb@xxxxxxx> wrote:
>
> there are multiple vulns in drivers/net/eql.c
>
> if there is no such device, dev_get_by_name returns NULL and everything dies.
> Exploiting this is trivial.
Thanks for the report. This patch should fix them.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
===== drivers/net/eql.c 1.13 vs edited =====
--- 1.13/drivers/net/eql.c 2004-06-05 01:50:36 +10:00
+++ edited/drivers/net/eql.c 2004-06-18 21:30:49 +10:00
@@ -497,6 +497,8 @@
slave_dev = dev_get_by_name(sc.slave_name);
ret = -EINVAL;
+ if (!slave_dev)
+ return ret;
spin_lock_bh(&eql->queue.lock);
if (eql_is_slave(slave_dev)) {
@@ -531,6 +533,8 @@
slave_dev = dev_get_by_name(sc.slave_name);
ret = -EINVAL;
+ if (!slave_dev)
+ return ret;
spin_lock_bh(&eql->queue.lock);
if (eql_is_slave(slave_dev)) {
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/