git.proxmox.com Git - mirror_iproute2.git/commit

author	Olivier Fourdan <ofourdan@redhat.com>
	Tue, 25 Nov 2008 12:36:22 +0000 (12:36 +0000)
committer	Stephen Hemminger <stephen.hemminger@vyatta.com>
	Wed, 7 Jan 2009 02:56:03 +0000 (18:56 -0800)
commit	7f71c0cae2db61890474e04ba3a26e40219e5561
tree	350621134d5fac23b27e961d146c2577959c5d49	tree
parent	72c771b20e38eaabb7699625fcdc144a51771f9c	commit \| diff

ip maddr show” on an infiniband address causes a stack corruption

“ip maddr show” on an infiniband address causes a stack corruption
because the length of the address for Infiniband (20 bytes, as
described in kernel doc Documentation/infiniband/ipoib.txt) does not
fit on the 16 bytes of the field in which it gets stored.

The proposed patch increases the size of the hardware address from 4
__u32 to 8 and also adds a check to avoid overriding the available
size while parsing the hardware address.

This bug affects current upstream code AFAICT.

Hope this helps,
Cheers,
Olivier.

“ip maddr show ib0” causes a stack corruption because the length of the address
for Infiniband (20 see kernel doc Documentation/infiniband/ipoib.txt) does not
fit on the 16 bytes of the field in which it gets stored.

The proposed patch increases the size of the hardware address from 4 u32 to 8
and adds a check to avoid overriding the available size while parsing the
hardware address.

include/utils.h		diff \| blob \| blame \| history
ip/ipmaddr.c		diff \| blob \| blame \| history