Netfilter Oops Solved

Edward Killips (etkillips@hotmail.com)
Mon, 17 Dec 2001 01:07:52 -0500


I found the problem in the netfilter code. In the file ipt_TOS.c the
following code is wrong;
if(!nskb)
return NF_DROP;
*pskb = nskb; <---this should be down 1 line
kfree_skb(*pksb); <-- pointer is freed here
iph = (*pksb)->nh.iph; <-- freed pointer is used here.

The following patch fixes the problem.

--- ipt_TOS.c.orig Mon Dec 17 00:33:50 2001
+++ ipt_TOS.c Mon Dec 17 00:34:18 2001
@@ -27,8 +27,8 @@
struct sk_buff *nskb = skb_copy(*pskb, GFP_ATOMIC);
if (!nskb)
return NF_DROP;
- *pskb = nskb;
kfree_skb(*pskb);
+ *pskb = nskb;
iph = (*pskb)->nh.iph;
}

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/