commit 64beb8f3eb3c724add64ca3272915528e10213c1 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

[TIPC]: Fix infinite loop in netlink handler

The tipc netlink config handler uses the nlmsg_pid from the
request header as destination for its reply. If the application
initialized nlmsg_pid to 0, the reply is looped back to the kernel,
causing hangup. Fix: use nlmsg_pid of the skb that triggered the
request.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Florian Westphal and committed by David S. Miller 18 years ago 64beb8f3 dbbeb2f9

+1 -1

1 changed file

expand all

unified split

net

tipc

netlink.c

+1 -1

net/tipc/netlink.c

··· 60 rep_nlh = nlmsg_hdr(rep_buf); 61 memcpy(rep_nlh, req_nlh, hdr_space); 62 rep_nlh->nlmsg_len = rep_buf->len; 63 - genlmsg_unicast(rep_buf, req_nlh->nlmsg_pid); 64 } 65 66 return 0;

··· 60 rep_nlh = nlmsg_hdr(rep_buf); 61 memcpy(rep_nlh, req_nlh, hdr_space); 62 rep_nlh->nlmsg_len = rep_buf->len; 63 + genlmsg_unicast(rep_buf, NETLINK_CB(skb).pid); 64 } 65 66 return 0;