1 # Date: Sun, 20 Jun 2004 19:56:26 +0200
2 # From: Erich Schubert <erich@debian.org>
3 # Changes: Rebackported from 2.6.14, Horms <horms@debian.org>
4 # Reported: http://bugs.debian.org/255406
6 # Upstream: Forwarded to upstream
8 Package: kernel-source-2.4.26
11 Some time ago i found a kernel crash in 2.4.x and reported it to LKML.
12 Unfortunately i never recieved a reply, and i didn't see it in recent
13 pre-releases of the 2.4.x kernel.
15 To verify your system is vulnerable (need bridge support):
18 $ brctl addif br0 eth0
19 $ brctl delif br1 eth0
20 (note br1 in last line, not br0! Deleting from the wrong bridge triggers
23 This is a 1:1 backport (100% copy&paste) from 2.6.5 of the fix.
24 Verify yourself, grab the file from 2.6.5, go to the function, copy the
25 code, paste it and the issue is done. Returns "einval" on invalid
26 requests instead of causing an inconsistency and a panic.
28 (fixed sometime in 2.5.x it seems; it might be worth looking at when
29 this was fixed - it might contain other fixes, too.)
31 --- a/net/bridge/br_if.c 2005-11-16 14:46:05.000000000 +0900
32 +++ b/net/bridge/br_if.c 2005-11-16 14:46:09.000000000 +0900
34 int br_del_if(struct net_bridge *br, struct net_device *dev)
37 + struct net_bridge_port *p = dev->br_port;
39 + if (!p || p->br != br)
42 br_write_lock_bh(BR_NETPROTO_LOCK);
43 write_lock(&br->lock);