diff options
| author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2008-06-10 15:39:35 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-06-10 15:39:35 -0400 |
| commit | ce4a7d0d48bbaed78ccbb0bafb9229651a40303a (patch) | |
| tree | df8770ef69c71a0d6935154add3ff3f4bb8dbc3a | |
| parent | 45d465bc237ab1e1ebb4c65b9b318830dafb7509 (diff) | |
inet{6}_request_sock: Init ->opt and ->pktopts in the constructor
Wei Yongjun noticed that we may call reqsk_free on request sock objects where
the opt fields may not be initialized, fix it by introducing inet_reqsk_alloc
where we initialize ->opt to NULL and set ->pktopts to NULL in
inet6_reqsk_alloc.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/ipv6.h | 4 | ||||
| -rw-r--r-- | include/net/inet_sock.h | 10 | ||||
| -rw-r--r-- | net/dccp/ipv4.c | 3 | ||||
| -rw-r--r-- | net/dccp/ipv6.c | 1 | ||||
| -rw-r--r-- | net/ipv4/syncookies.c | 3 | ||||
| -rw-r--r-- | net/ipv4/tcp_ipv4.c | 2 | ||||
| -rw-r--r-- | net/ipv6/syncookies.c | 1 | ||||
| -rw-r--r-- | net/ipv6/tcp_ipv6.c | 1 |
8 files changed, 16 insertions, 9 deletions
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index 10b666b61add..cde056e08181 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h | |||
| @@ -396,8 +396,10 @@ static inline struct request_sock *inet6_reqsk_alloc(struct request_sock_ops *op | |||
| 396 | { | 396 | { |
| 397 | struct request_sock *req = reqsk_alloc(ops); | 397 | struct request_sock *req = reqsk_alloc(ops); |
| 398 | 398 | ||
| 399 | if (req != NULL) | 399 | if (req != NULL) { |
| 400 | inet_rsk(req)->inet6_rsk_offset = inet6_rsk_offset(req); | 400 | inet_rsk(req)->inet6_rsk_offset = inet6_rsk_offset(req); |
| 401 | inet6_rsk(req)->pktopts = NULL; | ||
| 402 | } | ||
| 401 | 403 | ||
| 402 | return req; | 404 | return req; |
| 403 | } | 405 | } |
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h index a42cd63d241a..9fabe5b38912 100644 --- a/include/net/inet_sock.h +++ b/include/net/inet_sock.h | |||
| @@ -197,4 +197,14 @@ static inline int inet_iif(const struct sk_buff *skb) | |||
| 197 | return skb->rtable->rt_iif; | 197 | return skb->rtable->rt_iif; |
| 198 | } | 198 | } |
| 199 | 199 | ||
| 200 | static inline struct request_sock *inet_reqsk_alloc(struct request_sock_ops *ops) | ||
| 201 | { | ||
| 202 | struct request_sock *req = reqsk_alloc(ops); | ||
| 203 | |||
| 204 | if (req != NULL) | ||
| 205 | inet_rsk(req)->opt = NULL; | ||
| 206 | |||
| 207 | return req; | ||
| 208 | } | ||
| 209 | |||
| 200 | #endif /* _INET_SOCK_H */ | 210 | #endif /* _INET_SOCK_H */ |
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c index c22a3780c14e..37d27bcb361f 100644 --- a/net/dccp/ipv4.c +++ b/net/dccp/ipv4.c | |||
| @@ -589,7 +589,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 589 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) | 589 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) |
| 590 | goto drop; | 590 | goto drop; |
| 591 | 591 | ||
| 592 | req = reqsk_alloc(&dccp_request_sock_ops); | 592 | req = inet_reqsk_alloc(&dccp_request_sock_ops); |
| 593 | if (req == NULL) | 593 | if (req == NULL) |
| 594 | goto drop; | 594 | goto drop; |
| 595 | 595 | ||
| @@ -605,7 +605,6 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 605 | ireq = inet_rsk(req); | 605 | ireq = inet_rsk(req); |
| 606 | ireq->loc_addr = ip_hdr(skb)->daddr; | 606 | ireq->loc_addr = ip_hdr(skb)->daddr; |
| 607 | ireq->rmt_addr = ip_hdr(skb)->saddr; | 607 | ireq->rmt_addr = ip_hdr(skb)->saddr; |
| 608 | ireq->opt = NULL; | ||
| 609 | 608 | ||
| 610 | /* | 609 | /* |
| 611 | * Step 3: Process LISTEN state | 610 | * Step 3: Process LISTEN state |
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 9b1129bb7ece..f7fe2a572d7b 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c | |||
| @@ -421,7 +421,6 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 421 | ireq6 = inet6_rsk(req); | 421 | ireq6 = inet6_rsk(req); |
| 422 | ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr); | 422 | ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr); |
| 423 | ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr); | 423 | ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr); |
| 424 | ireq6->pktopts = NULL; | ||
| 425 | 424 | ||
| 426 | if (ipv6_opt_accepted(sk, skb) || | 425 | if (ipv6_opt_accepted(sk, skb) || |
| 427 | np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || | 426 | np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || |
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 73ba98921d64..d182a2a26291 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
| @@ -285,7 +285,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 285 | cookie_check_timestamp(&tcp_opt); | 285 | cookie_check_timestamp(&tcp_opt); |
| 286 | 286 | ||
| 287 | ret = NULL; | 287 | ret = NULL; |
| 288 | req = reqsk_alloc(&tcp_request_sock_ops); /* for safety */ | 288 | req = inet_reqsk_alloc(&tcp_request_sock_ops); /* for safety */ |
| 289 | if (!req) | 289 | if (!req) |
| 290 | goto out; | 290 | goto out; |
| 291 | 291 | ||
| @@ -301,7 +301,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 301 | ireq->rmt_port = th->source; | 301 | ireq->rmt_port = th->source; |
| 302 | ireq->loc_addr = ip_hdr(skb)->daddr; | 302 | ireq->loc_addr = ip_hdr(skb)->daddr; |
| 303 | ireq->rmt_addr = ip_hdr(skb)->saddr; | 303 | ireq->rmt_addr = ip_hdr(skb)->saddr; |
| 304 | ireq->opt = NULL; | ||
| 305 | ireq->snd_wscale = tcp_opt.snd_wscale; | 304 | ireq->snd_wscale = tcp_opt.snd_wscale; |
| 306 | ireq->rcv_wscale = tcp_opt.rcv_wscale; | 305 | ireq->rcv_wscale = tcp_opt.rcv_wscale; |
| 307 | ireq->sack_ok = tcp_opt.sack_ok; | 306 | ireq->sack_ok = tcp_opt.sack_ok; |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index cd601a866c2f..4f8485c67d1a 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
| @@ -1285,7 +1285,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1285 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) | 1285 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) |
| 1286 | goto drop; | 1286 | goto drop; |
| 1287 | 1287 | ||
| 1288 | req = reqsk_alloc(&tcp_request_sock_ops); | 1288 | req = inet_reqsk_alloc(&tcp_request_sock_ops); |
| 1289 | if (!req) | 1289 | if (!req) |
| 1290 | goto drop; | 1290 | goto drop; |
| 1291 | 1291 | ||
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 938ce4ecde55..3ecc1157994e 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c | |||
| @@ -198,7 +198,6 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | |||
| 198 | ireq = inet_rsk(req); | 198 | ireq = inet_rsk(req); |
| 199 | ireq6 = inet6_rsk(req); | 199 | ireq6 = inet6_rsk(req); |
| 200 | treq = tcp_rsk(req); | 200 | treq = tcp_rsk(req); |
| 201 | ireq6->pktopts = NULL; | ||
| 202 | 201 | ||
| 203 | if (security_inet_conn_request(sk, skb, req)) { | 202 | if (security_inet_conn_request(sk, skb, req)) { |
| 204 | reqsk_free(req); | 203 | reqsk_free(req); |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 715965f0fac0..cb46749d4c32 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
| @@ -1299,7 +1299,6 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
| 1299 | treq = inet6_rsk(req); | 1299 | treq = inet6_rsk(req); |
| 1300 | ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); | 1300 | ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); |
| 1301 | ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); | 1301 | ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); |
| 1302 | treq->pktopts = NULL; | ||
| 1303 | if (!want_cookie) | 1302 | if (!want_cookie) |
| 1304 | TCP_ECN_create_request(req, tcp_hdr(skb)); | 1303 | TCP_ECN_create_request(req, tcp_hdr(skb)); |
| 1305 | 1304 | ||