diff options
author | Patrick McHardy <kaber@trash.net> | 2008-04-14 03:46:01 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-04-14 03:46:01 -0400 |
commit | 159d83363b629c91d020734207c1bc788b96af5a (patch) | |
tree | 9e2bd418f94bed1dc0f62eb6a1f7671055c473b9 /net | |
parent | 4dee959723e2bf3a0f9343a46841cd2f0029d424 (diff) |
[BRIDGE]: Fix crash in __ip_route_output_key with bridge netfilter
The bridge netfilter code attaches a fake dst_entry with a pointer to a
fake net_device structure to skbs it passes up to IPv4 netfilter. This
leads to crashes when the skb is passed to __ip_route_output_key when
dereferencing the namespace pointer.
Since bridging can currently only operate in the init_net namespace,
the easiest fix for now is to initialize the nd_net pointer of the
fake net_device struct to &init_net.
Should fix bugzilla 10323: http://bugzilla.kernel.org/show_bug.cgi?id=10323
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/bridge/br_netfilter.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 1c0efd8ad9f3..af7e8be8d8d2 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
@@ -110,7 +110,8 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb) | |||
110 | * ipt_REJECT needs it. Future netfilter modules might | 110 | * ipt_REJECT needs it. Future netfilter modules might |
111 | * require us to fill additional fields. */ | 111 | * require us to fill additional fields. */ |
112 | static struct net_device __fake_net_device = { | 112 | static struct net_device __fake_net_device = { |
113 | .hard_header_len = ETH_HLEN | 113 | .hard_header_len = ETH_HLEN, |
114 | .nd_net = &init_net, | ||
114 | }; | 115 | }; |
115 | 116 | ||
116 | static struct rtable __fake_rtable = { | 117 | static struct rtable __fake_rtable = { |