From: Stephen Hemminger Date: Tue, 18 Apr 2006 00:27:11 +0000 (-0700) Subject: [IPV4]: ip_route_input panic fix X-Git-Tag: firefly_0821_release~36113^2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=d2c962b8530b84f4e035df8ade7e35f353a57cbe;p=firefly-linux-kernel-4.4.55.git [IPV4]: ip_route_input panic fix This fixes http://bugzilla.kernel.org/show_bug.cgi?id=6388 The bug is caused by ip_route_input dereferencing skb->nh.protocol of the dummy skb passed dow from inet_rtm_getroute (Thanks Thomas for seeing it). It only happens if the route requested is for a multicast IP address. Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller --- diff --git a/net/ipv4/route.c b/net/ipv4/route.c index ff434821909f..cc9423de7311 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2741,7 +2741,10 @@ int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg) /* Reserve room for dummy headers, this skb can pass through good chunk of routing engine. */ - skb->mac.raw = skb->data; + skb->mac.raw = skb->nh.raw = skb->data; + + /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */ + skb->nh.iph->protocol = IPPROTO_ICMP; skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr)); if (rta[RTA_SRC - 1])