Commit 1c880537 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller

[PATCH] Re: linux-2.6.7 Equalizer Load-balancer. eql.c. local non-privileged DoS

Vitaly V. Bursov <vitalyvb@ukr.net> wrote:
>
> there are multiple vulns in drivers/net/eql.c
>
> if there is no such device, dev_get_by_name returns NULL and everything dies.
> Exploiting this is trivial.

Thanks for the report.  This patch should fix them.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
===== drivers/net/eql.c 1.13 vs edited =====
parent 29a54a41
...@@ -499,6 +499,8 @@ static int eql_g_slave_cfg(struct net_device *dev, slave_config_t __user *scp) ...@@ -499,6 +499,8 @@ static int eql_g_slave_cfg(struct net_device *dev, slave_config_t __user *scp)
return -ENODEV; return -ENODEV;
ret = -EINVAL; ret = -EINVAL;
if (!slave_dev)
return ret;
spin_lock_bh(&eql->queue.lock); spin_lock_bh(&eql->queue.lock);
if (eql_is_slave(slave_dev)) { if (eql_is_slave(slave_dev)) {
...@@ -534,6 +536,8 @@ static int eql_s_slave_cfg(struct net_device *dev, slave_config_t __user *scp) ...@@ -534,6 +536,8 @@ static int eql_s_slave_cfg(struct net_device *dev, slave_config_t __user *scp)
return -ENODEV; return -ENODEV;
ret = -EINVAL; ret = -EINVAL;
if (!slave_dev)
return ret;
eql = dev->priv; eql = dev->priv;
spin_lock_bh(&eql->queue.lock); spin_lock_bh(&eql->queue.lock);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment