projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c1b4204) | patch
net: neigh: guard against NULL solicit() method
authorEric Dumazet <edumazet@google.com>
Thu, 23 Mar 2017 19:39:21 +0000 (12:39 -0700)
committerWilly Tarreau <w@1wt.eu>
Tue, 20 Jun 2017 12:04:51 +0000 (14:04 +0200)
commit4d1b81c2669bc6ab4ff24d649c876469aba412a9
tree7fd92fef3ef4fc8e7d08f042308fdfa0fac8182dtree | snapshot (tar.gz zip)
parentc1b42042a542f2493c7a1f0658c8cace120d7cffcommit | diff
net: neigh: guard against NULL solicit() method

commit 48481c8fa16410ffa45939b13b6c53c2ca609e5f upstream.

Dmitry posted a nice reproducer of a bug triggering in neigh_probe()
when dereferencing a NULL neigh->ops->solicit method.

This can happen for arp_direct_ops/ndisc_direct_ops and similar,
which can be used for NUD_NOARP neighbours (created when dev->header_ops
is NULL). Admin can then force changing nud_state to some other state
that would fire neigh timer.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
net/core/neighbour.c diff | blob | blame | history
kernel source for telekom puls (alcatel/mediatek)