linux-hardened/net
Michal Miroslaw a497097d35 [NETFILTER]: nfnetlink_log: fix NULL pointer dereference
Fix the nasty NULL dereference on multiple packets per netlink message.

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004
 printing eip:
f8a4b3bf
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: nfnetlink_log ipt_ttl ipt_REDIRECT xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 xt_state ipt_ipp2p xt_NFLOG xt_hashlimit ip6_tables iptable_filter xt_multiport xt_mark ipt_set iptable_raw xt_MARK iptable_mangle ip_tables cls_fw cls_u32 sch_esfq sch_htb ip_set_ipmap ip_set ipt_ULOG x_tables dm_snapshot dm_mirror loop e1000 parport_pc parport e100 floppy ide_cd cdrom
CPU:    0
EIP:    0060:[<f8a4b3bf>]    Not tainted VLI
EFLAGS: 00010206   (2.6.20 #5)
EIP is at __nfulnl_send+0x24/0x51 [nfnetlink_log]
eax: 00000000   ebx: f2b5cbc0   ecx: c03f5f54   edx: c03f4000
esi: f2b5cbc8   edi: c03f5f54   ebp: f8a4b3ec   esp: c03f5f30
ds: 007b   es: 007b   ss: 0068
Process swapper (pid: 0, ti=c03f4000 task=c03bece0 task.ti=c03f4000)
Stack: f2b5cbc0 f8a4b401 00000100 c0444080 c012af49 00000000 f6f19100 f6f19000
       c1707800 c03f5f54 c03f5f54 00000123 00000021 c03e8d08 c0426380 00000009
       c0126932 00000000 00000046 c03e9980 c03e6000 0047b007 c01269bd 00000000
Call Trace:
 [<f8a4b401>] nfulnl_timer+0x15/0x25 [nfnetlink_log]
 [<c012af49>] run_timer_softirq+0x10a/0x164
 [<c0126932>] __do_softirq+0x60/0xba
 [<c01269bd>] do_softirq+0x31/0x35
 [<c0104f6e>] do_IRQ+0x62/0x74
 [<c01036cb>] common_interrupt+0x23/0x28
 [<c0101018>] default_idle+0x0/0x3f
 [<c0101045>] default_idle+0x2d/0x3f
 [<c01010fa>] cpu_idle+0xa0/0xb9
 [<c03fb7f5>] start_kernel+0x1a8/0x1ac
 [<c03fb293>] unknown_bootoption+0x0/0x181
 =======================
Code: 5e 5f 5b 5e 5f 5d c3 53 89 c3 8d 40 1c 83 7b 1c 00 74 05 e8 2c ee 6d c7 83 7b 14 00 75 04 31 c0 eb 34 83 7b 10 01 76 09 8b 43 18 <66> c7 40 04 03 00 8b 53 34 8b 43 14 b9 40 00 00 00 e8 08 9a 84
EIP: [<f8a4b3bf>] __nfulnl_send+0x24/0x51 [nfnetlink_log] SS:ESP 0068:c03f5f30
 <0>Kernel panic - not syncing: Fatal exception in interrupt
 <0>Rebooting in 5 seconds..

Panic no more!

Signed-off-by: Micha Mirosaw <mirq-linux@rere.qmqm.pl>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-05 13:25:23 -08:00
..
802 [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
8021q [VLAN]: Avoid a 4-order allocation. 2007-03-02 20:44:51 -08:00
appletalk [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
atm [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ax25 [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
bluetooth [Bluetooth] Make use of device_move() for RFCOMM TTY devices 2007-02-26 11:42:41 -08:00
bridge [BRIDGE]: Fix locking of set path cost. 2007-02-28 09:42:12 -08:00
core [NET]: Fix kfree(skb) 2007-02-28 09:42:14 -08:00
dccp [NET]: Fix kfree(skb) 2007-02-28 09:42:14 -08:00
decnet [PATCH] sysctl: remove the proc_dir_entry member for the sysctl tables 2007-02-14 08:10:00 -08:00
econet [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ethernet [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ieee80211 Merge branch 'upstream' into upstream-jgarzik 2007-02-17 18:26:09 -05:00
ipv4 [NETFILTER]: tcp conntrack: accept SYN|URG as valid 2007-03-05 13:25:20 -08:00
ipv6 [NETFILTER]: nf_conntrack/nf_nat: fix incorrect config ifdefs 2007-03-05 13:25:19 -08:00
ipx [IPX]: Remove ancient changelog 2007-02-28 09:42:06 -08:00
irda [IRDA] net/irda/: proper prototypes 2007-02-26 11:42:43 -08:00
iucv [S390]: Add AF_IUCV socket support 2007-02-08 13:51:54 -08:00
key [XFRM]: Fix OOPSes in xfrm_audit_log(). 2007-02-12 13:53:54 -08:00
lapb [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
llc [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
netfilter [NETFILTER]: nfnetlink_log: fix NULL pointer dereference 2007-03-05 13:25:23 -08:00
netlabel [NET]: Fix kfree(skb) 2007-02-28 09:42:14 -08:00
netlink [PATCH] mark struct file_operations const 8 2007-02-12 09:48:46 -08:00
netrom [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
packet [AF_PACKET]: Remove unnecessary casts. 2007-02-26 11:42:45 -08:00
rose [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
rxrpc [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
sched [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
sctp [SCTP]: Strike the transport before updating rto. 2007-02-26 11:42:50 -08:00
sunrpc [PATCH] Convert highest_possible_processor_id to nr_cpu_ids 2007-02-20 17:10:13 -08:00
tipc [NET] TIPC: Fix whitespace errors. 2007-02-10 23:20:15 -08:00
unix [AF_UNIX]: Test against sk_max_ack_backlog properly. 2007-03-02 20:37:34 -08:00
wanrouter [PATCH] mark struct file_operations const 8 2007-02-12 09:48:46 -08:00
x25 [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
xfrm [NET]: Fix kfree(skb) 2007-02-28 09:42:14 -08:00
compat.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
Kconfig [S390]: Rewrite of the IUCV base code, part 2 2007-02-08 13:37:42 -08:00
Makefile [S390]: Rewrite of the IUCV base code, part 2 2007-02-08 13:37:42 -08:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [PATCH] AUDIT_FD_PAIR 2007-02-17 21:30:15 -05:00
sysctl_net.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00