diff options
author | Gerrit Renker <gerrit@erg.abdn.ac.uk> | 2008-07-21 16:35:08 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-07-21 16:35:08 -0400 |
commit | 47112e25da41d9059626033986dc3353e101f815 (patch) | |
tree | 72857968c318960ba50a4cc7232041228e8361dc | |
parent | 6579e57b31d79d31d9b806e41ba48774e73257dc (diff) |
udplite: Protection against coverage value wrap-around
This patch clamps the cscov setsockopt values to a maximum of 0xFFFF.
Setsockopt values greater than 0xffff can cause an unwanted
wrap-around. Further, IPv6 jumbograms are not supported (RFC 3838,
3.5), so that values greater than 0xffff are not even useful.
Further changes: fixed a typo in the documentation.
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | Documentation/networking/udplite.txt | 2 | ||||
-rw-r--r-- | net/ipv4/udp.c | 4 |
2 files changed, 5 insertions, 1 deletions
diff --git a/Documentation/networking/udplite.txt b/Documentation/networking/udplite.txt index 3870f280280b..855d8da57a23 100644 --- a/Documentation/networking/udplite.txt +++ b/Documentation/networking/udplite.txt | |||
@@ -148,7 +148,7 @@ | |||
148 | getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...); | 148 | getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...); |
149 | 149 | ||
150 | is meaningless (as in TCP). Packets with a zero checksum field are | 150 | is meaningless (as in TCP). Packets with a zero checksum field are |
151 | illegal (cf. RFC 3828, sec. 3.1) will be silently discarded. | 151 | illegal (cf. RFC 3828, sec. 3.1) and will be silently discarded. |
152 | 152 | ||
153 | 4) Fragmentation | 153 | 4) Fragmentation |
154 | 154 | ||
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index a751770947a3..383d17359d01 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c | |||
@@ -1325,6 +1325,8 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname, | |||
1325 | return -ENOPROTOOPT; | 1325 | return -ENOPROTOOPT; |
1326 | if (val != 0 && val < 8) /* Illegal coverage: use default (8) */ | 1326 | if (val != 0 && val < 8) /* Illegal coverage: use default (8) */ |
1327 | val = 8; | 1327 | val = 8; |
1328 | else if (val > USHORT_MAX) | ||
1329 | val = USHORT_MAX; | ||
1328 | up->pcslen = val; | 1330 | up->pcslen = val; |
1329 | up->pcflag |= UDPLITE_SEND_CC; | 1331 | up->pcflag |= UDPLITE_SEND_CC; |
1330 | break; | 1332 | break; |
@@ -1337,6 +1339,8 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname, | |||
1337 | return -ENOPROTOOPT; | 1339 | return -ENOPROTOOPT; |
1338 | if (val != 0 && val < 8) /* Avoid silly minimal values. */ | 1340 | if (val != 0 && val < 8) /* Avoid silly minimal values. */ |
1339 | val = 8; | 1341 | val = 8; |
1342 | else if (val > USHORT_MAX) | ||
1343 | val = USHORT_MAX; | ||
1340 | up->pcrlen = val; | 1344 | up->pcrlen = val; |
1341 | up->pcflag |= UDPLITE_RECV_CC; | 1345 | up->pcflag |= UDPLITE_RECV_CC; |
1342 | break; | 1346 | break; |