[CVE-2010-4263 Lucid] igb: only use vlan_gro_receive if vlans are registered, CVE-2010-4263

Tim Gardner tim.gardner at canonical.com
Fri Mar 18 01:29:49 UTC 2011 

On 03/17/2011 12:47 PM, Leann Ogasawara wrote:
> The following changes since commit 78006f719c80cc01424fb9a9d3bbd06eeba4dd13:
>    Stefan Bader (1):
>          Linux 2.6.32.33+drm33.15
>
> are available in the git repository at:
>
>    git://kernel.ubuntu.com/ogasawara/ubuntu-lucid.git CVE-2010-4263
>
> Alexander Duyck (1):
>        igb: only use vlan_gro_receive if vlans are registered, CVE-2010-4263
>
>   drivers/net/igb/igb_main.c |    2 +-
>   1 files changed, 1 insertions(+), 1 deletions(-)
>
>  From 6ca830ea2699dc4456805c1fa42795d892265e08 Mon Sep 17 00:00:00 2001
> From: Alexander Duyck<alexander.h.duyck at intel.com>
> Date: Tue, 23 Mar 2010 18:35:18 +0000
> Subject: [PATCH] igb: only use vlan_gro_receive if vlans are registered, CVE-2010-4263
>
> CVE-2010-4263
>
> BugLink: http://bugs.launchpad.net/bugs/737024
>
> This change makes it so that vlan_gro_receive is only used if vlans have been
> registered to the adapter structure.  Previously we were just sending all vlan
> tagged frames in via this function but this results in a null pointer
> dereference when vlans are not registered.
>
> [ This fixes bugzilla entry 15582 -Eric Dumazet]
>
> Signed-off-by: Alexander Duyck<alexander.h.duyck at intel.com>
> Signed-off-by: Jeff Kirsher<jeffrey.t.kirsher at intel.com>
> Acked-by: Eric Dumazet<eric.dumazet at gmail.com>
> Signed-off-by: David S. Miller<davem at davemloft.net>
> (cherry picked from commit 31b24b955c3ebbb6f3008a6374e61cf7c05a193c)
>
> Signed-off-by: Leann Ogasawara<leann.ogasawara at canonical.com>
> ---
>   drivers/net/igb/igb_main.c |    2 +-
>   1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/net/igb/igb_main.c b/drivers/net/igb/igb_main.c
> index 4d0534d..4370842 100644
> --- a/drivers/net/igb/igb_main.c
> +++ b/drivers/net/igb/igb_main.c
> @@ -5011,7 +5011,7 @@ static void igb_receive_skb(struct igb_q_vector *q_vector,
>   {
>   	struct igb_adapter *adapter = q_vector->adapter;
>
> -	if (vlan_tag)
> +	if (vlan_tag&&  adapter->vlgrp)
>   		vlan_gro_receive(&q_vector->napi, adapter->vlgrp,
>   		                 vlan_tag, skb);
>   	else

applied

-- 
Tim Gardner tim.gardner at canonical.com

More information about the kernel-team mailing list