Copied from the kernel diff:

Fix memory corruption caused by snmp_trap_decode:

- When snmp_trap_decode fails before the id and address are allocated, the pointers contain random memory, but are freed by the caller (snmp_parse_mangle).
- When snmp_trap_decode fails after allocating just the ID, it tries to free both address and ID, but the address pointer still contains random memory. The caller frees both ID and random memory again.
- When snmp_trap_decode fails after allocating both, it frees both, and the caller frees both again.

The corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed.

Additionally, see http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4a063739138e2c4e933188d641f1593e01ce8285 for more kernel memory leaks.
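An added example, not part of the original report and not the kernel patch: a simplified userspace C model of an ownership rule that rules out all three failure cases listed in the commit message (output pointers defined on every path, cleanup done exactly once). The names `struct trap`, `trap_decode`, `parse` and `fail_stage` are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model: two heap fields, allocated in this order. */
struct trap {
    unsigned long *id;
    unsigned char *ip_address;
};

/* fail_stage simulates where decoding fails (assumption for the demo):
 * 0 = before any allocation, 1 = after id, 2 = after both, 3 = success. */
int trap_decode(struct trap *t, int fail_stage)
{
    /* Define both outputs first so no path leaves stack garbage in them. */
    t->id = NULL;
    t->ip_address = NULL;

    if (fail_stage == 0)
        goto err;
    t->id = malloc(4 * sizeof(*t->id));
    if (t->id == NULL || fail_stage == 1)
        goto err;
    t->ip_address = malloc(4);
    if (t->ip_address == NULL || fail_stage == 2)
        goto err;
    return 1;
err:
    /* The callee cleans up once; free(NULL) is a no-op. Resetting to NULL
     * makes any later free by a caller harmless. */
    free(t->ip_address);
    free(t->id);
    t->id = NULL;
    t->ip_address = NULL;
    return 0;
}

/* Caller side: frees only what a successful decode handed over. */
int parse(int fail_stage)
{
    struct trap t;
    memset(&t, 0xAA, sizeof(t)); /* stand-in for uninitialized stack memory */
    if (!trap_decode(&t, fail_stage))
        return (t.id == NULL && t.ip_address == NULL) ? 0 : -1;
    free(t.ip_address);
    free(t.id);
    return 1;
}

int main(void)
{
    return (parse(0) == 0 && parse(1) == 0 && parse(2) == 0 && parse(3) == 1) ? 0 : 1;
}
```

Building it with `-fsanitize=address` is a quick way to confirm that none of the four paths reports an invalid or double free.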
Main issue fixed upstream in 2.6.18 (see URL for the git diff) but the other issue (memory leak) isn't fixed in 2.6.18 so please include both patches. Dan, can you get these into genpatches please? Thanks.
Created attachment 87760: Compound Patch (2.4/2.6)
2.6.16.18 is in genpatches. Not adding the other one, as it only falls in an extremely unlikely code path (kmalloc failing).
All fixed, closing. vapier please bump sh-sources.