aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorCong Wang <amwang@redhat.com>2013-07-02 02:49:34 -0400
committerDavid S. Miller <davem@davemloft.net>2013-07-02 04:13:09 -0400
commit3b7b514f44bff05d26a6499c4d4fac2a83938e6e (patch)
tree348ddec500211ad6dea16f7725d26ae790446f7b /net/ipv4
parente1558a93b61962710733dc8c11a2bc765607f1cd (diff)
ipip: fix a regression in ioctl
This is a regression introduced by commit fd58156e456d9f68fe0448 (IPIP: Use ip-tunneling code.) Similar to GRE tunnel, previously we only check the parameters for SIOCADDTUNNEL and SIOCCHGTUNNEL, after that commit, the check is moved for all commands. So, just check for SIOCADDTUNNEL and SIOCCHGTUNNEL. Also, the check for i_key, o_key etc. is suspicious too, which did not exist before, reset them before passing to ip_tunnel_ioctl(). Cc: Pravin B Shelar <pshelar@nicira.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Cong Wang <amwang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/ipip.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index e6905fbda2a2..51fc2a1dcdd3 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -244,11 +244,13 @@ ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
244 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 244 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
245 return -EFAULT; 245 return -EFAULT;
246 246
247 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP || 247 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
248 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF))) 248 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
249 return -EINVAL; 249 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
250 if (p.i_key || p.o_key || p.i_flags || p.o_flags) 250 return -EINVAL;
251 return -EINVAL; 251 }
252
253 p.i_key = p.o_key = p.i_flags = p.o_flags = 0;
252 if (p.iph.ttl) 254 if (p.iph.ttl)
253 p.iph.frag_off |= htons(IP_DF); 255 p.iph.frag_off |= htons(IP_DF);
254 256