From: chrisw@osdl.org <chrisw@osdl.org>
Date: Thu, 17 Mar 2005 00:51:57 +0000 (-0800)
Subject: [PATCH] add fix-proc-net-route-crash.patch and fix-xfrm_find_acq_byseq.patch
X-Git-Tag: v2.6.11.9~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a5f3b4734406963b298f655b373940d656ea6af6;p=thirdparty%2Fkernel%2Fstable-queue.git

[PATCH] add fix-proc-net-route-crash.patch and fix-xfrm_find_acq_byseq.patch
---

diff --git a/queue/fix-proc-net-route-crash.patch b/queue/fix-proc-net-route-crash.patch
new file mode 100644
index 00000000000..58c9b6081aa
--- /dev/null
+++ b/queue/fix-proc-net-route-crash.patch
@@ -0,0 +1,44 @@
+Date: Thu, 17 Mar 2005 01:13:28 +0100
+From kaber@trash.net  Wed Mar 16 16:14:04 2005
+From: Patrick McHardy <kaber@trash.net>
+To: Chris Wright <chrisw@osdl.org>
+CC: linux-kernel@vger.kernel.org, stable@kernel.org, shemminger@osdl.org,
+        torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
+	jmforbes@linuxtx.org, zwane@arm.linux.org.uk, cliffw@osdl.org,
+	tytso@mit.edu, rddunlap@osdl.org
+Subject: [PATCH][IPV4] Fix crash while reading /proc/net/route
+
+[IPV4]: Fix crash while reading /proc/net/route caused by stale pointers
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+
+diff -Nru a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c
+--- a/net/ipv4/fib_hash.c	2005-03-17 00:58:42 +01:00
++++ b/net/ipv4/fib_hash.c	2005-03-17 00:58:42 +01:00
+@@ -919,13 +919,23 @@
+ 	return fa;
+ }
+ 
++static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos)
++{
++	struct fib_alias *fa = fib_get_first(seq);
++
++	if (fa)
++		while (pos && (fa = fib_get_next(seq)))
++			--pos;
++	return pos ? NULL : fa;
++}
++
+ static void *fib_seq_start(struct seq_file *seq, loff_t *pos)
+ {
+ 	void *v = NULL;
+ 
+ 	read_lock(&fib_hash_lock);
+ 	if (ip_fib_main_table)
+-		v = *pos ? fib_get_next(seq) : SEQ_START_TOKEN;
++		v = *pos ? fib_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
+ 	return v;
+ }
+ 
diff --git a/queue/fix-xfrm_find_acq_byseq.patch b/queue/fix-xfrm_find_acq_byseq.patch
new file mode 100644
index 00000000000..486b9c7d95c
--- /dev/null
+++ b/queue/fix-xfrm_find_acq_byseq.patch
@@ -0,0 +1,29 @@
+Date: Wed, 16 Mar 2005 14:20:11 -0800
+From: "David S. Miller" <davem@davemloft.net>
+To: stable@kernel.org
+Subject: [PATCH] [IPSEC]: Fix __xfrm_find_acq_byseq()
+
+This function, as it's name implies, is supposed to only
+return IPSEC objects which are in the XFRM_STATE_ACQ
+("acquire") state.  But it returns any object with the
+matching sequence number.
+
+This is wrong and confuses IPSEC daemons to no end.
+
+[XFRM]: xfrm_find_acq_byseq should only return XFRM_STATE_ACQ states.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+
+diff -Nru a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
+--- a/net/xfrm/xfrm_state.c	2005-03-16 14:27:04 -08:00
++++ b/net/xfrm/xfrm_state.c	2005-03-16 14:27:04 -08:00
+@@ -609,7 +609,7 @@
+ 
+ 	for (i = 0; i < XFRM_DST_HSIZE; i++) {
+ 		list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
+-			if (x->km.seq == seq) {
++			if (x->km.seq == seq && x->km.state == XFRM_STATE_ACQ) {
+ 				xfrm_state_hold(x);
+ 				return x;
+ 			}