[PATCH] remote memory corruptor in ibmtr.c
ip_summed changes last summer had missed that one. As the result, we have ip_summed interpreted as CHECKSUM_PARTIAL now. IOW, ->csum is interpreted as offset of checksum in the packet. net/core/* will both read and modify the value as that offset, with obvious reasons. At the very least it's a remote memory corruptor. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Родитель
87fcd70d98
Коммит
ee28b0da10
|
@ -1826,7 +1826,7 @@ static void tr_rx(struct net_device *dev)
|
|||
skb->protocol = tr_type_trans(skb, dev);
|
||||
if (IPv4_p) {
|
||||
skb->csum = chksum;
|
||||
skb->ip_summed = 1;
|
||||
skb->ip_summed = CHECKSUM_COMPLETE;
|
||||
}
|
||||
netif_rx(skb);
|
||||
dev->last_rx = jiffies;
|
||||
|
|
Загрузка…
Ссылка в новой задаче