[BRIDGE] netfilter: memory corruption fix
The bridge-netfilter code will overwrite memory if there is not headroom in the skb to save the header. This first showed up when using Xen with sky2 driver that doesn't allocate the extra space. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Stephen Hemminger
committed by
David S. Miller
David S. Miller
parent
8dbc16033e
commit
3a13813e6e
@@ -40,11 +40,15 @@ int br_dev_queue_push_xmit(struct sk_buff *skb)
|
||||
else {
|
||||
#ifdef CONFIG_BRIDGE_NETFILTER
|
||||
/* ip_refrag calls ip_fragment, doesn't copy the MAC header. */
|
||||
nf_bridge_maybe_copy_header(skb);
|
||||
if (nf_bridge_maybe_copy_header(skb))
|
||||
kfree_skb(skb);
|
||||
else
|
||||
#endif
|
||||
skb_push(skb, ETH_HLEN);
|
||||
{
|
||||
skb_push(skb, ETH_HLEN);
|
||||
|
||||
dev_queue_xmit(skb);
|
||||
dev_queue_xmit(skb);
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
Reference in New Issue
Block a user