aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2006-10-30 18:08:42 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-10-30 18:24:42 -0500
commitbcd620757d3a4ae78ef0ca41adb5d9e400ed92b6 (patch)
tree35267772a114c8e450bf167076d5cef1c1e81e75
parenta27b58fed90cc5654e2daf1d292cc5bc61be4dd7 (diff)
[IPV6]: fix lockup via /proc/net/ip6_flowlabel
There's a bug in the seqfile handling for /proc/net/ip6_flowlabel, where, after finding a flowlabel, the code will loop forever not finding any further flowlabels, first traversing the rest of the hash bucket then just looping. This patch fixes the problem by breaking after the hash bucket has been traversed. Note that this bug can cause lockups and oopses, and is trivially invoked by an unpriveleged user. Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv6/ip6_flowlabel.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index 1d672b0547f2..062e526a668c 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -587,6 +587,8 @@ static struct ip6_flowlabel *ip6fl_get_next(struct seq_file *seq, struct ip6_flo
587 while (!fl) { 587 while (!fl) {
588 if (++state->bucket <= FL_HASH_MASK) 588 if (++state->bucket <= FL_HASH_MASK)
589 fl = fl_ht[state->bucket]; 589 fl = fl_ht[state->bucket];
590 else
591 break;
590 } 592 }
591 return fl; 593 return fl;
592} 594}