diff options
author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2008-06-10 15:39:35 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-06-10 15:39:35 -0400 |
commit | ce4a7d0d48bbaed78ccbb0bafb9229651a40303a (patch) | |
tree | df8770ef69c71a0d6935154add3ff3f4bb8dbc3a | |
parent | 45d465bc237ab1e1ebb4c65b9b318830dafb7509 (diff) |
inet{6}_request_sock: Init ->opt and ->pktopts in the constructor
Wei Yongjun noticed that we may call reqsk_free on request sock objects where
the opt fields may not be initialized, fix it by introducing inet_reqsk_alloc
where we initialize ->opt to NULL and set ->pktopts to NULL in
inet6_reqsk_alloc.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/ipv6.h | 4 | ||||
-rw-r--r-- | include/net/inet_sock.h | 10 | ||||
-rw-r--r-- | net/dccp/ipv4.c | 3 | ||||
-rw-r--r-- | net/dccp/ipv6.c | 1 | ||||
-rw-r--r-- | net/ipv4/syncookies.c | 3 | ||||
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 2 | ||||
-rw-r--r-- | net/ipv6/syncookies.c | 1 | ||||
-rw-r--r-- | net/ipv6/tcp_ipv6.c | 1 |
8 files changed, 16 insertions, 9 deletions
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index 10b666b61add..cde056e08181 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h | |||
@@ -396,8 +396,10 @@ static inline struct request_sock *inet6_reqsk_alloc(struct request_sock_ops *op | |||
396 | { | 396 | { |
397 | struct request_sock *req = reqsk_alloc(ops); | 397 | struct request_sock *req = reqsk_alloc(ops); |
398 | 398 | ||
399 | if (req != NULL) | 399 | if (req != NULL) { |
400 | inet_rsk(req)->inet6_rsk_offset = inet6_rsk_offset(req); | 400 | inet_rsk(req)->inet6_rsk_offset = inet6_rsk_offset(req); |
401 | inet6_rsk(req)->pktopts = NULL; | ||
402 | } | ||
401 | 403 | ||
402 | return req; | 404 | return req; |
403 | } | 405 | } |
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h index a42cd63d241a..9fabe5b38912 100644 --- a/include/net/inet_sock.h +++ b/include/net/inet_sock.h | |||
@@ -197,4 +197,14 @@ static inline int inet_iif(const struct sk_buff *skb) | |||
197 | return skb->rtable->rt_iif; | 197 | return skb->rtable->rt_iif; |
198 | } | 198 | } |
199 | 199 | ||
200 | static inline struct request_sock *inet_reqsk_alloc(struct request_sock_ops *ops) | ||
201 | { | ||
202 | struct request_sock *req = reqsk_alloc(ops); | ||
203 | |||
204 | if (req != NULL) | ||
205 | inet_rsk(req)->opt = NULL; | ||
206 | |||
207 | return req; | ||
208 | } | ||
209 | |||
200 | #endif /* _INET_SOCK_H */ | 210 | #endif /* _INET_SOCK_H */ |
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c index c22a3780c14e..37d27bcb361f 100644 --- a/net/dccp/ipv4.c +++ b/net/dccp/ipv4.c | |||
@@ -589,7 +589,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
589 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) | 589 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) |
590 | goto drop; | 590 | goto drop; |
591 | 591 | ||
592 | req = reqsk_alloc(&dccp_request_sock_ops); | 592 | req = inet_reqsk_alloc(&dccp_request_sock_ops); |
593 | if (req == NULL) | 593 | if (req == NULL) |
594 | goto drop; | 594 | goto drop; |
595 | 595 | ||
@@ -605,7 +605,6 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
605 | ireq = inet_rsk(req); | 605 | ireq = inet_rsk(req); |
606 | ireq->loc_addr = ip_hdr(skb)->daddr; | 606 | ireq->loc_addr = ip_hdr(skb)->daddr; |
607 | ireq->rmt_addr = ip_hdr(skb)->saddr; | 607 | ireq->rmt_addr = ip_hdr(skb)->saddr; |
608 | ireq->opt = NULL; | ||
609 | 608 | ||
610 | /* | 609 | /* |
611 | * Step 3: Process LISTEN state | 610 | * Step 3: Process LISTEN state |
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 9b1129bb7ece..f7fe2a572d7b 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c | |||
@@ -421,7 +421,6 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
421 | ireq6 = inet6_rsk(req); | 421 | ireq6 = inet6_rsk(req); |
422 | ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr); | 422 | ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr); |
423 | ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr); | 423 | ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr); |
424 | ireq6->pktopts = NULL; | ||
425 | 424 | ||
426 | if (ipv6_opt_accepted(sk, skb) || | 425 | if (ipv6_opt_accepted(sk, skb) || |
427 | np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || | 426 | np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || |
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 73ba98921d64..d182a2a26291 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
@@ -285,7 +285,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
285 | cookie_check_timestamp(&tcp_opt); | 285 | cookie_check_timestamp(&tcp_opt); |
286 | 286 | ||
287 | ret = NULL; | 287 | ret = NULL; |
288 | req = reqsk_alloc(&tcp_request_sock_ops); /* for safety */ | 288 | req = inet_reqsk_alloc(&tcp_request_sock_ops); /* for safety */ |
289 | if (!req) | 289 | if (!req) |
290 | goto out; | 290 | goto out; |
291 | 291 | ||
@@ -301,7 +301,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
301 | ireq->rmt_port = th->source; | 301 | ireq->rmt_port = th->source; |
302 | ireq->loc_addr = ip_hdr(skb)->daddr; | 302 | ireq->loc_addr = ip_hdr(skb)->daddr; |
303 | ireq->rmt_addr = ip_hdr(skb)->saddr; | 303 | ireq->rmt_addr = ip_hdr(skb)->saddr; |
304 | ireq->opt = NULL; | ||
305 | ireq->snd_wscale = tcp_opt.snd_wscale; | 304 | ireq->snd_wscale = tcp_opt.snd_wscale; |
306 | ireq->rcv_wscale = tcp_opt.rcv_wscale; | 305 | ireq->rcv_wscale = tcp_opt.rcv_wscale; |
307 | ireq->sack_ok = tcp_opt.sack_ok; | 306 | ireq->sack_ok = tcp_opt.sack_ok; |
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index cd601a866c2f..4f8485c67d1a 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
@@ -1285,7 +1285,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
1285 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) | 1285 | if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) |
1286 | goto drop; | 1286 | goto drop; |
1287 | 1287 | ||
1288 | req = reqsk_alloc(&tcp_request_sock_ops); | 1288 | req = inet_reqsk_alloc(&tcp_request_sock_ops); |
1289 | if (!req) | 1289 | if (!req) |
1290 | goto drop; | 1290 | goto drop; |
1291 | 1291 | ||
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 938ce4ecde55..3ecc1157994e 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c | |||
@@ -198,7 +198,6 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) | |||
198 | ireq = inet_rsk(req); | 198 | ireq = inet_rsk(req); |
199 | ireq6 = inet6_rsk(req); | 199 | ireq6 = inet6_rsk(req); |
200 | treq = tcp_rsk(req); | 200 | treq = tcp_rsk(req); |
201 | ireq6->pktopts = NULL; | ||
202 | 201 | ||
203 | if (security_inet_conn_request(sk, skb, req)) { | 202 | if (security_inet_conn_request(sk, skb, req)) { |
204 | reqsk_free(req); | 203 | reqsk_free(req); |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 715965f0fac0..cb46749d4c32 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
@@ -1299,7 +1299,6 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb) | |||
1299 | treq = inet6_rsk(req); | 1299 | treq = inet6_rsk(req); |
1300 | ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); | 1300 | ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); |
1301 | ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); | 1301 | ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); |
1302 | treq->pktopts = NULL; | ||
1303 | if (!want_cookie) | 1302 | if (!want_cookie) |
1304 | TCP_ECN_create_request(req, tcp_hdr(skb)); | 1303 | TCP_ECN_create_request(req, tcp_hdr(skb)); |
1305 | 1304 | ||