diff options
author | Adam Langley <agl@imperialviolet.org> | 2008-07-19 03:01:42 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-07-19 03:01:42 -0400 |
commit | 49a72dfb8814c2d65bd9f8c9c6daf6395a1ec58d (patch) | |
tree | 38804d609f21503573bbdd8bb9af38df99275ff5 /net/ipv4/tcp_output.c | |
parent | 845525a642c1c9e1335c33a274d4273906ee58eb (diff) |
tcp: Fix MD5 signatures for non-linear skbs
Currently, the MD5 code assumes that the SKBs are linear and, in the case
that they aren't, happily goes off and hashes off the end of the SKB and
into random memory.
Reported by Stephen Hemminger in [1]. Advice thanks to Stephen and Evgeniy
Polyakov. Also includes a couple of missed route_caps from Stephen's patch
in [2].
[1] http://marc.info/?l=linux-netdev&m=121445989106145&w=2
[2] http://marc.info/?l=linux-netdev&m=121459157816964&w=2
Signed-off-by: Adam Langley <agl@imperialviolet.org>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/tcp_output.c')
-rw-r--r-- | net/ipv4/tcp_output.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 36a19707f67f..958ff486165f 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
@@ -540,8 +540,10 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, | |||
540 | * room for it. | 540 | * room for it. |
541 | */ | 541 | */ |
542 | md5 = tp->af_specific->md5_lookup(sk, sk); | 542 | md5 = tp->af_specific->md5_lookup(sk, sk); |
543 | if (md5) | 543 | if (md5) { |
544 | tcp_header_size += TCPOLEN_MD5SIG_ALIGNED; | 544 | tcp_header_size += TCPOLEN_MD5SIG_ALIGNED; |
545 | sk->sk_route_caps &= ~NETIF_F_GSO_MASK; | ||
546 | } | ||
545 | #endif | 547 | #endif |
546 | 548 | ||
547 | skb_push(skb, tcp_header_size); | 549 | skb_push(skb, tcp_header_size); |
@@ -602,10 +604,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it, | |||
602 | /* Calculate the MD5 hash, as we have all we need now */ | 604 | /* Calculate the MD5 hash, as we have all we need now */ |
603 | if (md5) { | 605 | if (md5) { |
604 | tp->af_specific->calc_md5_hash(md5_hash_location, | 606 | tp->af_specific->calc_md5_hash(md5_hash_location, |
605 | md5, | 607 | md5, sk, NULL, skb); |
606 | sk, NULL, NULL, | ||
607 | tcp_hdr(skb), | ||
608 | skb->len); | ||
609 | } | 608 | } |
610 | #endif | 609 | #endif |
611 | 610 | ||
@@ -2264,10 +2263,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, | |||
2264 | /* Okay, we have all we need - do the md5 hash if needed */ | 2263 | /* Okay, we have all we need - do the md5 hash if needed */ |
2265 | if (md5) { | 2264 | if (md5) { |
2266 | tp->af_specific->calc_md5_hash(md5_hash_location, | 2265 | tp->af_specific->calc_md5_hash(md5_hash_location, |
2267 | md5, | 2266 | md5, NULL, req, skb); |
2268 | NULL, dst, req, | ||
2269 | tcp_hdr(skb), | ||
2270 | skb->len); | ||
2271 | } | 2267 | } |
2272 | #endif | 2268 | #endif |
2273 | 2269 | ||