Re: [PATCH 1/3] [PKT_SCHED]: Fix illegal memory dereferences when dumping actions

2006-07-05 Thread Thomas Graf
* Patrick McHardy <[EMAIL PROTECTED]> 2006-07-05 01:42 > Thomas Graf wrote: > > @@ -834,7 +833,7 @@ tc_dump_action(struct sk_buff *skb, stru > > a.ops = a_o; > > > > if (a_o->walk == NULL) { > > - printk("tc_dump_action: %s !capable of dumping table\n", kind); > > + pr

Re: [PATCH 1/3] [PKT_SCHED]: Fix illegal memory dereferences when dumping actions

2006-07-04 Thread jamal
On Wed, 2006-05-07 at 01:42 +0200, Patrick McHardy wrote: > Thomas Graf wrote: > > if (a_o->walk == NULL) { > > - printk("tc_dump_action: %s !capable of dumping table\n", kind); > > + printk("tc_dump_action: %s !capable of dumping table\n", > > a_o->kind); > > g
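Review bot: the printk() in the `a_o->walk == NULL` branch carries no KERN_* log level, before or after this change, so the message goes out at the default level. Since the line is being rewritten anyway, give it an explicit level such as KERN_WARNING and spell "!capable" out as "not capable". Printing `a_o->kind` instead of the local `kind` is sound at this point, because `a_o` has already been dereferenced by the `a_o->walk` test on the line above.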

Re: [PATCH 1/3] [PKT_SCHED]: Fix illegal memory dereferences when dumping actions

2006-07-04 Thread jamal
On Wed, 2006-05-07 at 00:00 +0200, Thomas Graf wrote:
> plain text document attachment (act_fix_dump_null_deref)
> The TCA_ACT_KIND attribute is used without checking its
> availability when dumping actions therefore leading to a
> value of 0x4 being dereferenced.
>
> The use of strcmp() in tc_loo

Re: [PATCH 1/3] [PKT_SCHED]: Fix illegal memory dereferences when dumping actions

2006-07-04 Thread Patrick McHardy
Thomas Graf wrote:
> The TCA_ACT_KIND attribute is used without checking its
> availability when dumping actions therefore leading to a
> value of 0x4 being dereferenced.
>
> The use of strcmp() in tc_lookup_action_n() isn't safe
> when fed with string from an attribute without enforcing
> proper

[PATCH 1/3] [PKT_SCHED]: Fix illegal memory dereferences when dumping actions

2006-07-04 Thread Thomas Graf
The TCA_ACT_KIND attribute is used without checking its availability when dumping actions therefore leading to a value of 0x4 being dereferenced. The use of strcmp() in tc_lookup_action_n() isn't safe when fed with string from an attribute without enforcing proper NUL termination. Both bugs can b