diff options
author | David S. Miller <davem@davemloft.net> | 2011-09-16 01:09:02 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-09-16 01:09:02 -0400 |
commit | 52b9aca7ae8726d1fb41b97dd1d243d107fef11b (patch) | |
tree | 7acee111840bd25183513e9bde08e939ffd57be8 /net/ipv4 | |
parent | 7756332f5b64c9c1535712b9679792e8bd4f0019 (diff) | |
parent | e2faeec2de9e2c73958e6ea6065dde1e8cd6f3a2 (diff) |
Merge branch 'master' of ../netdev/
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/af_inet.c | 7 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_queue.c | 12 |
2 files changed, 11 insertions, 8 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 1b745d412cf6..dd2b9478ddd1 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c | |||
@@ -466,8 +466,13 @@ int inet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) | |||
466 | goto out; | 466 | goto out; |
467 | 467 | ||
468 | if (addr->sin_family != AF_INET) { | 468 | if (addr->sin_family != AF_INET) { |
469 | /* Compatibility games : accept AF_UNSPEC (mapped to AF_INET) | ||
470 | * only if s_addr is INADDR_ANY. | ||
471 | */ | ||
469 | err = -EAFNOSUPPORT; | 472 | err = -EAFNOSUPPORT; |
470 | goto out; | 473 | if (addr->sin_family != AF_UNSPEC || |
474 | addr->sin_addr.s_addr != htonl(INADDR_ANY)) | ||
475 | goto out; | ||
471 | } | 476 | } |
472 | 477 | ||
473 | chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr); | 478 | chk_addr_ret = inet_addr_type(sock_net(sk), addr->sin_addr.s_addr); |
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index 5c9b9d963918..e59aabd0eae4 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c | |||
@@ -218,6 +218,7 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp) | |||
218 | return skb; | 218 | return skb; |
219 | 219 | ||
220 | nlmsg_failure: | 220 | nlmsg_failure: |
221 | kfree_skb(skb); | ||
221 | *errp = -EINVAL; | 222 | *errp = -EINVAL; |
222 | printk(KERN_ERR "ip_queue: error creating packet message\n"); | 223 | printk(KERN_ERR "ip_queue: error creating packet message\n"); |
223 | return NULL; | 224 | return NULL; |
@@ -313,7 +314,7 @@ ipq_set_verdict(struct ipq_verdict_msg *vmsg, unsigned int len) | |||
313 | { | 314 | { |
314 | struct nf_queue_entry *entry; | 315 | struct nf_queue_entry *entry; |
315 | 316 | ||
316 | if (vmsg->value > NF_MAX_VERDICT) | 317 | if (vmsg->value > NF_MAX_VERDICT || vmsg->value == NF_STOLEN) |
317 | return -EINVAL; | 318 | return -EINVAL; |
318 | 319 | ||
319 | entry = ipq_find_dequeue_entry(vmsg->id); | 320 | entry = ipq_find_dequeue_entry(vmsg->id); |
@@ -358,12 +359,9 @@ ipq_receive_peer(struct ipq_peer_msg *pmsg, | |||
358 | break; | 359 | break; |
359 | 360 | ||
360 | case IPQM_VERDICT: | 361 | case IPQM_VERDICT: |
361 | if (pmsg->msg.verdict.value > NF_MAX_VERDICT) | 362 | status = ipq_set_verdict(&pmsg->msg.verdict, |
362 | status = -EINVAL; | 363 | len - sizeof(*pmsg)); |
363 | else | 364 | break; |
364 | status = ipq_set_verdict(&pmsg->msg.verdict, | ||
365 | len - sizeof(*pmsg)); | ||
366 | break; | ||
367 | default: | 365 | default: |
368 | status = -EINVAL; | 366 | status = -EINVAL; |
369 | } | 367 | } |