Patch "netfilter: Fix potential use after free in ip6_route_me_harder()" has been added to the 3.14-stable tree

Mon, 09 Jun 2014 15:34:18 -0700 

This is a note to let you know that I've just added the patch titled

    netfilter: Fix potential use after free in ip6_route_me_harder()

to the 3.14-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     netfilter-fix-potential-use-after-free-in-ip6_route_me_harder.patch
and it can be found in the queue-3.14 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From a8951d5814e1373807a94f79f7ccec7041325470 Mon Sep 17 00:00:00 2001
From: Sergey Popovich <[email protected]>
Date: Thu, 8 May 2014 16:22:35 +0300
Subject: netfilter: Fix potential use after free in ip6_route_me_harder()

From: Sergey Popovich <[email protected]>

commit a8951d5814e1373807a94f79f7ccec7041325470 upstream.

Dst is released one line before we access it again with dst->error.

Fixes: 58e35d147128 netfilter: ipv6: propagate routing errors from
ip6_route_me_harder()

Signed-off-by: Sergey Popovich <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 net/ipv6/netfilter.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -30,13 +30,15 @@ int ip6_route_me_harder(struct sk_buff *
                .daddr = iph->daddr,
                .saddr = iph->saddr,
        };
+       int err;
 
        dst = ip6_route_output(net, skb->sk, &fl6);
-       if (dst->error) {
+       err = dst->error;
+       if (err) {
                IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
                LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more 
route.\n");
                dst_release(dst);
-               return dst->error;
+               return err;
        }
 
        /* Drop old route. */


Patches currently in stable-queue which might be from [email protected] 
are

queue-3.14/netfilter-fix-potential-use-after-free-in-ip6_route_me_harder.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to