summaryrefslogtreecommitdiffstats
path: root/net/xfrm/xfrm_state.c
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-12-12 10:35:16 -0800
committerDavid S. Miller <davem@sunset.davemloft.net>2007-12-14 13:54:35 -0800
commita18aa31b7774d8b36048e256a02d9d689533fc96 (patch)
tree095e8f12e838b819961adea85738c0a6e72048a9 /net/xfrm/xfrm_state.c
parentf2a89004da23a5ed2d78ac5550ccda5b714fe7d0 (diff)
[NETFILTER]: ip_tables: fix compat copy race
When copying entries to user, the kernel makes two passes through the data, first copying all the entries, then fixing up names and counters. On the second pass it copies the kernel and match data from userspace to the kernel again to find the corresponding structures, expecting that kernel pointers contained in the data are still valid. This is obviously broken, fix by avoiding the second pass completely and fixing names and counters while dumping the ruleset, using the kernel-internal data structures. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_state.c')
0 files changed, 0 insertions, 0 deletions