Commit 159d8336 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[BRIDGE]: Fix crash in __ip_route_output_key with bridge netfilter

The bridge netfilter code attaches a fake dst_entry with a pointer to a
fake net_device structure to skbs it passes up to IPv4 netfilter. This
leads to crashes when the skb is passed to __ip_route_output_key when
dereferencing the namespace pointer.

Since bridging can currently only operate in the init_net namespace,
the easiest fix for now is to initialize the nd_net pointer of the
fake net_device struct to &init_net.

Should fix bugzilla 10323: http://bugzilla.kernel.org/show_bug.cgi?id=10323Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4dee9597
...@@ -110,7 +110,8 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb) ...@@ -110,7 +110,8 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb)
* ipt_REJECT needs it. Future netfilter modules might * ipt_REJECT needs it. Future netfilter modules might
* require us to fill additional fields. */ * require us to fill additional fields. */
static struct net_device __fake_net_device = { static struct net_device __fake_net_device = {
.hard_header_len = ETH_HLEN .hard_header_len = ETH_HLEN,
.nd_net = &init_net,
}; };
static struct rtable __fake_rtable = { static struct rtable __fake_rtable = {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment