[Bridge] [PATCH v2] bridge: Fix crash with vlan filtering and tcpdump

David Miller davem at davemloft.net
Fri Mar 28 21:14:17 UTC 2014


From: Vlad Yasevich <vyasevic at redhat.com>
Date: Thu, 27 Mar 2014 21:51:18 -0400

> When the vlan filtering is enabled on the bridge, but
> the filter is not configured on the bridge device itself,
> running tcpdump on the bridge device will result in a
> an Oops with NULL pointer dereference.  The reason
> is that br_pass_frame_up() will bypass the vlan
> check because promisc flag is set.  It will then try
> to get the table pointer and process the packet based
> on the table.  Since the table pointer is NULL, we oops.
> Catch this special condition in br_handle_vlan().
> 
> Reported-by: Toshiaki Makita <makita.toshiaki at lab.ntt.co.jp>
> CC: Toshiaki Makita <makita.toshiaki at lab.ntt.co.jp>
> Signed-off-by: Vlad Yasevich <vyasevic at redhat.com>
> ---
> 
> * Changed to use kfree_skb() instead of kfree_skb_list() to
>   match the reset of bridge code.
> * Fix-up {} style.

Applied, thanks.


More information about the Bridge mailing list