Message ID | 20100706072928.GB14612@gondor.apana.org.au |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Tue, 6 Jul 2010 15:29:28 +0800

> bridge: Clear IPCB before possible entry into IP stack
>
> The bridge protocol lives dangerously by having incestuous relations
> with the IP stack. In this instance an abomination has been created
> where a bogus IPCB area from a bridged packet leads to a crash in
> the IP stack because it's interpreted as IP options.
>
> This patch papers over the problem by clearing the IPCB area in that
> particular spot. To fix this properly we'd also need to parse any
> IP options if present but I'm way too lazy for that.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Applied, thanks a lot!

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 4442099..8fb75f8 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -591,6 +591,9 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, pskb_trim_rcsum(skb, len); + /* BUG: Should really parse the IP options here. */ + memset(IPCB(skb), 0, sizeof(struct inet_skb_parm)); + nf_bridge_put(skb->nf_bridge); if (!nf_bridge_alloc(skb)) return NF_DROP;
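
Review bot: the memset added after pskb_trim_rcsum() in br_nf_pre_routing() makes the IP stack see an empty option block for every bridged packet, including packets whose IP header does carry options, so anything downstream that reads IPCB(skb)->opt will behave as if there were none. The "BUG:" comment admits the gap but does not say why the area is cleared or what is lost; I would reword it to state that the cb is zeroed because it can hold bogus data from the bridge path and that options present in the header are ignored until they are parsed here. Since the clear covers only this one spot, it is also worth checking whether other paths in br_netfilter.c can hand an skb to IP code with a stale cb.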