author Patrick McHardy <kaber@trash.net> 2008-01-20 06:25:48 -0800
committer David S. Miller <davem@davemloft.net> 2008-01-20 20:31:41 -0800
commit 2dc2f207fb251666d2396fe1a69272b307ecc333
tree fb18f4f6ac06050cca0c39c20f075285e88d98fa /security
parent 398bcbebb6f721ac308df1e3d658c0029bb74503
[NETFILTER]: bridge-netfilter: fix net_device refcnt leaks

When packets are flood-forwarded to multiple output devices, the
bridge-netfilter code reuses skb->nf_bridge for each clone to store
the bridge port. When queueing packets using NFQUEUE, netfilter takes
a reference to skb->nf_bridge->physoutdev, which is overwritten when
the packet is forwarded to the second port. This causes refcount
underflows for the first device and refcount leaks for all others.
Additionally this provides incorrect data to the iptables physdev
match.

Unshare skb->nf_bridge by copying it if it is shared before assigning
the physoutdev device.

Reported, tested and based on initial patch by
Jan Christoph Nordholz <hesso@pool.math.tu-berlin.de>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions