On Wed, 2006-05-07 at 00:00 +0200, Thomas Graf wrote: > plain text document attachment (act_fix_dump_null_deref) > The TCA_ACT_KIND attribute is used without checking its > availability when dumping actions therefore leading to a > value of 0x4 being dereferenced. > > The use of strcmp() in tc_lookup_action_n() isn't safe > when fed with string from an attribute without enforcing > proper NUL termination. > > Both bugs can be triggered with malformed netlink message > and don't require any privileges. > > Signed-off-by: Thomas Graf <[EMAIL PROTECTED]> >
Good catch. Acked-by: Jamal Hadi Salim <[EMAIL PROTECTED]> cheers, jamal - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
