summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2007-06-23 22:59:40 -0700
committerDavid S. Miller <davem@davemloft.net>2007-06-23 22:59:40 -0700
commit64beb8f3eb3c724add64ca3272915528e10213c1 (patch)
treed1eb9ca05352243e44340f9af403c9532690b252
parentdbbeb2f9917792b989b6269ebfe24257f9aa1618 (diff)
downloadlwn-64beb8f3eb3c724add64ca3272915528e10213c1.tar.gz
lwn-64beb8f3eb3c724add64ca3272915528e10213c1.zip
[TIPC]: Fix infinite loop in netlink handler
The tipc netlink config handler uses the nlmsg_pid from the request header as destination for its reply. If the application initialized nlmsg_pid to 0, the reply is looped back to the kernel, causing hangup. Fix: use nlmsg_pid of the skb that triggered the request. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/tipc/netlink.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
index 4cdafa2d1d4d..6a7f7b4c2595 100644
--- a/net/tipc/netlink.c
+++ b/net/tipc/netlink.c
@@ -60,7 +60,7 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info *info)
rep_nlh = nlmsg_hdr(rep_buf);
memcpy(rep_nlh, req_nlh, hdr_space);
rep_nlh->nlmsg_len = rep_buf->len;
- genlmsg_unicast(rep_buf, req_nlh->nlmsg_pid);
+ genlmsg_unicast(rep_buf, NETLINK_CB(skb).pid);
}
return 0;