diff options
author | Adam Langley <agl@imperialviolet.org> | 2008-07-19 03:01:42 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-07-19 03:01:42 -0400 |
commit | 49a72dfb8814c2d65bd9f8c9c6daf6395a1ec58d (patch) | |
tree | 38804d609f21503573bbdd8bb9af38df99275ff5 /include/net | |
parent | 845525a642c1c9e1335c33a274d4273906ee58eb (diff) |
tcp: Fix MD5 signatures for non-linear skbs
Currently, the MD5 code assumes that the SKBs are linear and, in the case
that they aren't, happily goes off and hashes off the end of the SKB and
into random memory.
Reported by Stephen Hemminger in [1]. Advice thanks to Stephen and Evgeniy
Polyakov. Also includes a couple of missed route_caps from Stephen's patch
in [2].
[1] http://marc.info/?l=linux-netdev&m=121445989106145&w=2
[2] http://marc.info/?l=linux-netdev&m=121459157816964&w=2
Signed-off-by: Adam Langley <agl@imperialviolet.org>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/tcp.h | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h index 92d7b551dc55..31f5bbfc59bc 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h | |||
@@ -1112,20 +1112,12 @@ struct tcp_md5sig_pool { | |||
1112 | #define TCP_MD5SIG_MAXKEYS (~(u32)0) /* really?! */ | 1112 | #define TCP_MD5SIG_MAXKEYS (~(u32)0) /* really?! */ |
1113 | 1113 | ||
1114 | /* - functions */ | 1114 | /* - functions */ |
1115 | extern int tcp_calc_md5_hash(char *md5_hash, | 1115 | extern int tcp_v4_md5_hash_skb(char *md5_hash, |
1116 | struct tcp_md5sig_key *key, | 1116 | struct tcp_md5sig_key *key, |
1117 | int bplen, | 1117 | struct sock *sk, |
1118 | struct tcphdr *th, | 1118 | struct request_sock *req, |
1119 | unsigned int tcplen, | 1119 | struct sk_buff *skb); |
1120 | struct tcp_md5sig_pool *hp); | 1120 | |
1121 | |||
1122 | extern int tcp_v4_calc_md5_hash(char *md5_hash, | ||
1123 | struct tcp_md5sig_key *key, | ||
1124 | struct sock *sk, | ||
1125 | struct dst_entry *dst, | ||
1126 | struct request_sock *req, | ||
1127 | struct tcphdr *th, | ||
1128 | unsigned int tcplen); | ||
1129 | extern struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk, | 1121 | extern struct tcp_md5sig_key *tcp_v4_md5_lookup(struct sock *sk, |
1130 | struct sock *addr_sk); | 1122 | struct sock *addr_sk); |
1131 | 1123 | ||
@@ -1152,6 +1144,11 @@ extern void tcp_free_md5sig_pool(void); | |||
1152 | 1144 | ||
1153 | extern struct tcp_md5sig_pool *__tcp_get_md5sig_pool(int cpu); | 1145 | extern struct tcp_md5sig_pool *__tcp_get_md5sig_pool(int cpu); |
1154 | extern void __tcp_put_md5sig_pool(void); | 1146 | extern void __tcp_put_md5sig_pool(void); |
1147 | extern int tcp_md5_hash_header(struct tcp_md5sig_pool *, struct tcphdr *); | ||
1148 | extern int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *, struct sk_buff *, | ||
1149 | unsigned header_len); | ||
1150 | extern int tcp_md5_hash_key(struct tcp_md5sig_pool *hp, | ||
1151 | struct tcp_md5sig_key *key); | ||
1155 | 1152 | ||
1156 | static inline | 1153 | static inline |
1157 | struct tcp_md5sig_pool *tcp_get_md5sig_pool(void) | 1154 | struct tcp_md5sig_pool *tcp_get_md5sig_pool(void) |
@@ -1381,10 +1378,8 @@ struct tcp_sock_af_ops { | |||
1381 | int (*calc_md5_hash) (char *location, | 1378 | int (*calc_md5_hash) (char *location, |
1382 | struct tcp_md5sig_key *md5, | 1379 | struct tcp_md5sig_key *md5, |
1383 | struct sock *sk, | 1380 | struct sock *sk, |
1384 | struct dst_entry *dst, | ||
1385 | struct request_sock *req, | 1381 | struct request_sock *req, |
1386 | struct tcphdr *th, | 1382 | struct sk_buff *skb); |
1387 | unsigned int len); | ||
1388 | int (*md5_add) (struct sock *sk, | 1383 | int (*md5_add) (struct sock *sk, |
1389 | struct sock *addr_sk, | 1384 | struct sock *addr_sk, |
1390 | u8 *newkey, | 1385 | u8 *newkey, |