IPX is not checking for non-linear (and short packets) in it's receive routine.
This is serious because it may mean it ends up reading past end of skb.
This maybe related to this bug, because sky2 will copy small packets into small
skb's.
http://bugzilla.kernel.org/show_bug.cgi?id=6693
Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]>
--- a/net/ipx/af_ipx.c 2006-07-07 13:02:31.000000000 -0700
+++ b/net/ipx/af_ipx.c 2006-08-07 13:18:08.000000000 -0700
@@ -1642,6 +1642,9 @@
if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
goto out;
+ if (!pskb_may_pull(skb, sizeof(struct ipxhdr)))
+ goto drop;
+
ipx = ipx_hdr(skb);
ipx_pktsize = ntohs(ipx->ipx_pktsize);
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
