diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-10-18 12:31:37 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-10-18 12:31:37 -0400 |
| commit | 2e923b0251932ad4a82cc87ec1443a1f1d17073e (patch) | |
| tree | d12032bc9bcfbb8a57659275d1b9b582f23f2ecc /net/ipv4/syncookies.c | |
| parent | ffd8221bc348f8c282d1271883dbe629ea8ae289 (diff) | |
| parent | f2d9da1a8375cbe53df5b415d059429013a3a79f (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Include fixes for netrom and dsa (Fabian Frederick and Florian
Fainelli)
2) Fix FIXED_PHY support in stmmac, from Giuseppe CAVALLARO.
3) Several SKB use after free fixes (vxlan, openvswitch, vxlan,
ip_tunnel, fou), from Li ROngQing.
4) fec driver PTP support fixes from Luwei Zhou and Nimrod Andy.
5) Use after free in virtio_net, from Michael S Tsirkin.
6) Fix flow mask handling for megaflows in openvswitch, from Pravin B
Shelar.
7) ISDN gigaset and capi bug fixes from Tilman Schmidt.
8) Fix route leak in ip_send_unicast_reply(), from Vasily Averin.
9) Fix two eBPF JIT bugs on x86, from Alexei Starovoitov.
10) TCP_SKB_CB() reorganization caused a few regressions, fixed by Cong
Wang and Eric Dumazet.
11) Don't overwrite end of SKB when parsing malformed sctp ASCONF
chunks, from Daniel Borkmann.
12) Don't call sock_kfree_s() with NULL pointers, this function also has
the side effect of adjusting the socket memory usage. From Cong Wang.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (90 commits)
bna: fix skb->truesize underestimation
net: dsa: add includes for ethtool and phy_fixed definitions
openvswitch: Set flow-key members.
netrom: use linux/uaccess.h
dsa: Fix conversion from host device to mii bus
tipc: fix bug in bundled buffer reception
ipv6: introduce tcp_v6_iif()
sfc: add support for skb->xmit_more
r8152: return -EBUSY for runtime suspend
ipv4: fix a potential use after free in fou.c
ipv4: fix a potential use after free in ip_tunnel_core.c
hyperv: Add handling of IP header with option field in netvsc_set_hash()
openvswitch: Create right mask with disabled megaflows
vxlan: fix a free after use
openvswitch: fix a use after free
ipv4: dst_entry leak in ip_send_unicast_reply()
ipv4: clean up cookie_v4_check()
ipv4: share tcp_v4_save_options() with cookie_v4_check()
ipv4: call __ip_options_echo() in cookie_v4_check()
atm: simplify lanai.c by using module_pci_driver
...
Diffstat (limited to 'net/ipv4/syncookies.c')
| -rw-r--r-- | net/ipv4/syncookies.c | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index af660030e3c7..32b98d0207b4 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
| @@ -255,9 +255,9 @@ bool cookie_check_timestamp(struct tcp_options_received *tcp_opt, | |||
| 255 | } | 255 | } |
| 256 | EXPORT_SYMBOL(cookie_check_timestamp); | 256 | EXPORT_SYMBOL(cookie_check_timestamp); |
| 257 | 257 | ||
| 258 | struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | 258 | struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb) |
| 259 | struct ip_options *opt) | ||
| 260 | { | 259 | { |
| 260 | struct ip_options *opt = &TCP_SKB_CB(skb)->header.h4.opt; | ||
| 261 | struct tcp_options_received tcp_opt; | 261 | struct tcp_options_received tcp_opt; |
| 262 | struct inet_request_sock *ireq; | 262 | struct inet_request_sock *ireq; |
| 263 | struct tcp_request_sock *treq; | 263 | struct tcp_request_sock *treq; |
| @@ -317,15 +317,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 317 | /* We throwed the options of the initial SYN away, so we hope | 317 | /* We throwed the options of the initial SYN away, so we hope |
| 318 | * the ACK carries the same options again (see RFC1122 4.2.3.8) | 318 | * the ACK carries the same options again (see RFC1122 4.2.3.8) |
| 319 | */ | 319 | */ |
| 320 | if (opt && opt->optlen) { | 320 | ireq->opt = tcp_v4_save_options(skb); |
| 321 | int opt_size = sizeof(struct ip_options_rcu) + opt->optlen; | ||
| 322 | |||
| 323 | ireq->opt = kmalloc(opt_size, GFP_ATOMIC); | ||
| 324 | if (ireq->opt != NULL && ip_options_echo(&ireq->opt->opt, skb)) { | ||
| 325 | kfree(ireq->opt); | ||
| 326 | ireq->opt = NULL; | ||
| 327 | } | ||
| 328 | } | ||
| 329 | 321 | ||
| 330 | if (security_inet_conn_request(sk, skb, req)) { | 322 | if (security_inet_conn_request(sk, skb, req)) { |
| 331 | reqsk_free(req); | 323 | reqsk_free(req); |
| @@ -344,7 +336,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
| 344 | flowi4_init_output(&fl4, sk->sk_bound_dev_if, ireq->ir_mark, | 336 | flowi4_init_output(&fl4, sk->sk_bound_dev_if, ireq->ir_mark, |
| 345 | RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, | 337 | RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, |
| 346 | inet_sk_flowi_flags(sk), | 338 | inet_sk_flowi_flags(sk), |
| 347 | (opt && opt->srr) ? opt->faddr : ireq->ir_rmt_addr, | 339 | opt->srr ? opt->faddr : ireq->ir_rmt_addr, |
| 348 | ireq->ir_loc_addr, th->source, th->dest); | 340 | ireq->ir_loc_addr, th->source, th->dest); |
| 349 | security_req_classify_flow(req, flowi4_to_flowi(&fl4)); | 341 | security_req_classify_flow(req, flowi4_to_flowi(&fl4)); |
| 350 | rt = ip_route_output_key(sock_net(sk), &fl4); | 342 | rt = ip_route_output_key(sock_net(sk), &fl4); |