From: Balazs Scheidler <bazsi@balabit.hu>
To: Martin Josefsson <gandalf@wlug.westbo.se>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: oops in replace_in_hashes
Date: Fri, 25 Jul 2003 19:35:56 +0200
Message-ID: <20030725173555.GA7458@balabit.hu>
In-Reply-To: <20030725135020.GA6433@balabit.hu>

> As I see it is quite unlikely that the same memory area is used for
> different purposes when a kmem_cache is used, as kmem_cache tries to reuse
> blocks. I therefore think that we face a use-after-free conntrack scenario.
> 
> Any other thoughts, hints?

One little addition, which might prove to be important, is that the bogus
next pointer which is tried to be dereferenced contains the IP address of the
last SNAT mapping that was being made. The manips array of the ip_nat_info
structure is only a couple of bytes away, hm... 

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
