From: Cyrill Gorcunov <gorcunov@openvz.org>
Date: Wed, 8 Dec 2010 13:28:42 +0000 (+0300)
Subject: net: pppoe - Fix NULL dereference on PPPoED frames
X-Git-Url: http://git.openvz.org/?p=linux-2.6.32-openvz;a=commitdiff_plain;h=09c67a4c47f8dfeac50c3122550e8d8163b2d2d3

net: pppoe - Fix NULL dereference on PPPoED frames

If a VE is configured without VE_FEATURE_PPP, a PPPoED
frame causes a NULL dereference. In practice there is also
a chance of receiving a malformed packet (i.e. packets with
PPPoE type), which would cause a NULL dereference as well.
Fix both cases.

Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
---

diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c
index 326958b..9bf064c 100644
--- a/drivers/net/pppoe.c
+++ b/drivers/net/pppoe.c
@@ -453,6 +453,8 @@ static int pppoe_rcv(struct sk_buff *skb, struct net_device *dev,
 		goto drop;
 
 	pn = pppoe_pernet(dev_net(dev));
+	if (!pn) /* no VE_FEATURE_PPP */
+		goto drop;
 
 	/* Note that get_item does a sock_hold(), so sk_pppox(po)
 	 * is known to be safe.
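Review bot: The new `if (!pn)` guard in pppoe_rcv() (and the identical one in pppoe_disc_rcv() in the next hunk) covers only the two receive paths, yet the patch itself establishes that pppoe_pernet() can return NULL in this tree, so any other caller that dereferences the result has the same problem. Those call sites are outside these hunks and cannot be checked from here; they should be audited, or the NULL return documented at pppoe_pernet() so that new callers do not repeat the bug. Since both handlers process frames received from the network, the terse comment would be clearer as `/* pppoe_pernet() is NULL when the VE lacks VE_FEATURE_PPP; drop the received frame instead of dereferencing */`. Both function bodies start and end outside the hunks, so what the `drop` and `abort` labels do with the skb is not visible here.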
@@ -495,6 +497,9 @@ static int pppoe_disc_rcv(struct sk_buff *skb, struct net_device *dev,
 		goto abort;
 
 	pn = pppoe_pernet(dev_net(dev));
+	if (!pn) /* no VE_FEATURE_PPP */
+		goto abort;
+
 	po = get_item(pn, ph->sid, eth_hdr(skb)->h_source, dev->ifindex);
 	if (po) {
 		struct sock *sk = sk_pppox(po);