aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@woody.linux-foundation.org>2007-04-25 16:51:21 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-04-25 16:51:21 -0400
commit707abb7986293b24b83dba163ffc79d8895236f9 (patch)
treee5f9d226ef9d864a11cfcc1df1fcd33ea0447523
parentcbc31a475a7f7748bd0a4e536533868e7cff8645 (diff)
parent1194ed0a3eb8076c8fbfe310f1ccbf229e8647de (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [NETLINK]: Infinite recursion in netlink.
-rw-r--r--net/ipv4/fib_frontend.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index fc920f63452..cac06c43f00 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -776,6 +776,8 @@ static void nl_fib_lookup(struct fib_result_nl *frn, struct fib_table *tb )
776 .nl_u = { .ip4_u = { .daddr = frn->fl_addr, 776 .nl_u = { .ip4_u = { .daddr = frn->fl_addr,
777 .tos = frn->fl_tos, 777 .tos = frn->fl_tos,
778 .scope = frn->fl_scope } } }; 778 .scope = frn->fl_scope } } };
779
780 frn->err = -ENOENT;
779 if (tb) { 781 if (tb) {
780 local_bh_disable(); 782 local_bh_disable();
781 783
@@ -787,6 +789,7 @@ static void nl_fib_lookup(struct fib_result_nl *frn, struct fib_table *tb )
787 frn->nh_sel = res.nh_sel; 789 frn->nh_sel = res.nh_sel;
788 frn->type = res.type; 790 frn->type = res.type;
789 frn->scope = res.scope; 791 frn->scope = res.scope;
792 fib_res_put(&res);
790 } 793 }
791 local_bh_enable(); 794 local_bh_enable();
792 } 795 }
@@ -801,6 +804,9 @@ static void nl_fib_input(struct sock *sk, int len)
801 struct fib_table *tb; 804 struct fib_table *tb;
802 805
803 skb = skb_dequeue(&sk->sk_receive_queue); 806 skb = skb_dequeue(&sk->sk_receive_queue);
807 if (skb == NULL)
808 return;
809
804 nlh = (struct nlmsghdr *)skb->data; 810 nlh = (struct nlmsghdr *)skb->data;
805 if (skb->len < NLMSG_SPACE(0) || skb->len < nlh->nlmsg_len || 811 if (skb->len < NLMSG_SPACE(0) || skb->len < nlh->nlmsg_len ||
806 nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*frn))) { 812 nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*frn))) {
@@ -813,7 +819,7 @@ static void nl_fib_input(struct sock *sk, int len)
813 819
814 nl_fib_lookup(frn, tb); 820 nl_fib_lookup(frn, tb);
815 821
816 pid = nlh->nlmsg_pid; /*pid of sending process */ 822 pid = NETLINK_CB(skb).pid; /* pid of sending process */
817 NETLINK_CB(skb).pid = 0; /* from kernel */ 823 NETLINK_CB(skb).pid = 0; /* from kernel */
818 NETLINK_CB(skb).dst_group = 0; /* unicast */ 824 NETLINK_CB(skb).dst_group = 0; /* unicast */
819 netlink_unicast(sk, skb, pid, MSG_DONTWAIT); 825 netlink_unicast(sk, skb, pid, MSG_DONTWAIT);