diff options
Diffstat (limited to 'net/x25')
-rw-r--r-- | net/x25/af_x25.c | 68 | ||||
-rw-r--r-- | net/x25/x25_dev.c | 1 | ||||
-rw-r--r-- | net/x25/x25_facilities.c | 27 | ||||
-rw-r--r-- | net/x25/x25_forward.c | 1 | ||||
-rw-r--r-- | net/x25/x25_in.c | 16 | ||||
-rw-r--r-- | net/x25/x25_link.c | 1 | ||||
-rw-r--r-- | net/x25/x25_out.c | 1 | ||||
-rw-r--r-- | net/x25/x25_route.c | 1 | ||||
-rw-r--r-- | net/x25/x25_subr.c | 1 |
9 files changed, 104 insertions, 13 deletions
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c index 9796f3ed1edb..cbddd0cb83f1 100644 --- a/net/x25/af_x25.c +++ b/net/x25/af_x25.c | |||
@@ -47,6 +47,7 @@ | |||
47 | #include <linux/netdevice.h> | 47 | #include <linux/netdevice.h> |
48 | #include <linux/if_arp.h> | 48 | #include <linux/if_arp.h> |
49 | #include <linux/skbuff.h> | 49 | #include <linux/skbuff.h> |
50 | #include <linux/slab.h> | ||
50 | #include <net/sock.h> | 51 | #include <net/sock.h> |
51 | #include <net/tcp_states.h> | 52 | #include <net/tcp_states.h> |
52 | #include <asm/uaccess.h> | 53 | #include <asm/uaccess.h> |
@@ -82,6 +83,41 @@ struct compat_x25_subscrip_struct { | |||
82 | }; | 83 | }; |
83 | #endif | 84 | #endif |
84 | 85 | ||
86 | |||
87 | int x25_parse_address_block(struct sk_buff *skb, | ||
88 | struct x25_address *called_addr, | ||
89 | struct x25_address *calling_addr) | ||
90 | { | ||
91 | unsigned char len; | ||
92 | int needed; | ||
93 | int rc; | ||
94 | |||
95 | if (skb->len < 1) { | ||
96 | /* packet has no address block */ | ||
97 | rc = 0; | ||
98 | goto empty; | ||
99 | } | ||
100 | |||
101 | len = *skb->data; | ||
102 | needed = 1 + (len >> 4) + (len & 0x0f); | ||
103 | |||
104 | if (skb->len < needed) { | ||
105 | /* packet is too short to hold the addresses it claims | ||
106 | to hold */ | ||
107 | rc = -1; | ||
108 | goto empty; | ||
109 | } | ||
110 | |||
111 | return x25_addr_ntoa(skb->data, called_addr, calling_addr); | ||
112 | |||
113 | empty: | ||
114 | *called_addr->x25_addr = 0; | ||
115 | *calling_addr->x25_addr = 0; | ||
116 | |||
117 | return rc; | ||
118 | } | ||
119 | |||
120 | |||
85 | int x25_addr_ntoa(unsigned char *p, struct x25_address *called_addr, | 121 | int x25_addr_ntoa(unsigned char *p, struct x25_address *called_addr, |
86 | struct x25_address *calling_addr) | 122 | struct x25_address *calling_addr) |
87 | { | 123 | { |
@@ -553,7 +589,8 @@ static int x25_create(struct net *net, struct socket *sock, int protocol, | |||
553 | x25->facilities.winsize_out = X25_DEFAULT_WINDOW_SIZE; | 589 | x25->facilities.winsize_out = X25_DEFAULT_WINDOW_SIZE; |
554 | x25->facilities.pacsize_in = X25_DEFAULT_PACKET_SIZE; | 590 | x25->facilities.pacsize_in = X25_DEFAULT_PACKET_SIZE; |
555 | x25->facilities.pacsize_out = X25_DEFAULT_PACKET_SIZE; | 591 | x25->facilities.pacsize_out = X25_DEFAULT_PACKET_SIZE; |
556 | x25->facilities.throughput = X25_DEFAULT_THROUGHPUT; | 592 | x25->facilities.throughput = 0; /* by default don't negotiate |
593 | throughput */ | ||
557 | x25->facilities.reverse = X25_DEFAULT_REVERSE; | 594 | x25->facilities.reverse = X25_DEFAULT_REVERSE; |
558 | x25->dte_facilities.calling_len = 0; | 595 | x25->dte_facilities.calling_len = 0; |
559 | x25->dte_facilities.called_len = 0; | 596 | x25->dte_facilities.called_len = 0; |
@@ -921,16 +958,26 @@ int x25_rx_call_request(struct sk_buff *skb, struct x25_neigh *nb, | |||
921 | /* | 958 | /* |
922 | * Extract the X.25 addresses and convert them to ASCII strings, | 959 | * Extract the X.25 addresses and convert them to ASCII strings, |
923 | * and remove them. | 960 | * and remove them. |
961 | * | ||
962 | * Address block is mandatory in call request packets | ||
924 | */ | 963 | */ |
925 | addr_len = x25_addr_ntoa(skb->data, &source_addr, &dest_addr); | 964 | addr_len = x25_parse_address_block(skb, &source_addr, &dest_addr); |
965 | if (addr_len <= 0) | ||
966 | goto out_clear_request; | ||
926 | skb_pull(skb, addr_len); | 967 | skb_pull(skb, addr_len); |
927 | 968 | ||
928 | /* | 969 | /* |
929 | * Get the length of the facilities, skip past them for the moment | 970 | * Get the length of the facilities, skip past them for the moment |
930 | * get the call user data because this is needed to determine | 971 | * get the call user data because this is needed to determine |
931 | * the correct listener | 972 | * the correct listener |
973 | * | ||
974 | * Facilities length is mandatory in call request packets | ||
932 | */ | 975 | */ |
976 | if (skb->len < 1) | ||
977 | goto out_clear_request; | ||
933 | len = skb->data[0] + 1; | 978 | len = skb->data[0] + 1; |
979 | if (skb->len < len) | ||
980 | goto out_clear_request; | ||
934 | skb_pull(skb,len); | 981 | skb_pull(skb,len); |
935 | 982 | ||
936 | /* | 983 | /* |
@@ -1414,9 +1461,20 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) | |||
1414 | if (facilities.winsize_in < 1 || | 1461 | if (facilities.winsize_in < 1 || |
1415 | facilities.winsize_in > 127) | 1462 | facilities.winsize_in > 127) |
1416 | break; | 1463 | break; |
1417 | if (facilities.throughput < 0x03 || | 1464 | if (facilities.throughput) { |
1418 | facilities.throughput > 0xDD) | 1465 | int out = facilities.throughput & 0xf0; |
1419 | break; | 1466 | int in = facilities.throughput & 0x0f; |
1467 | if (!out) | ||
1468 | facilities.throughput |= | ||
1469 | X25_DEFAULT_THROUGHPUT << 4; | ||
1470 | else if (out < 0x30 || out > 0xD0) | ||
1471 | break; | ||
1472 | if (!in) | ||
1473 | facilities.throughput |= | ||
1474 | X25_DEFAULT_THROUGHPUT; | ||
1475 | else if (in < 0x03 || in > 0x0D) | ||
1476 | break; | ||
1477 | } | ||
1420 | if (facilities.reverse && | 1478 | if (facilities.reverse && |
1421 | (facilities.reverse & 0x81) != 0x81) | 1479 | (facilities.reverse & 0x81) != 0x81) |
1422 | break; | 1480 | break; |
diff --git a/net/x25/x25_dev.c b/net/x25/x25_dev.c index 52e304212241..b9ef682230a0 100644 --- a/net/x25/x25_dev.c +++ b/net/x25/x25_dev.c | |||
@@ -20,6 +20,7 @@ | |||
20 | #include <linux/kernel.h> | 20 | #include <linux/kernel.h> |
21 | #include <linux/netdevice.h> | 21 | #include <linux/netdevice.h> |
22 | #include <linux/skbuff.h> | 22 | #include <linux/skbuff.h> |
23 | #include <linux/slab.h> | ||
23 | #include <net/sock.h> | 24 | #include <net/sock.h> |
24 | #include <linux/if_arp.h> | 25 | #include <linux/if_arp.h> |
25 | #include <net/x25.h> | 26 | #include <net/x25.h> |
diff --git a/net/x25/x25_facilities.c b/net/x25/x25_facilities.c index a21f6646eb3a..771bab00754b 100644 --- a/net/x25/x25_facilities.c +++ b/net/x25/x25_facilities.c | |||
@@ -35,7 +35,7 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities, | |||
35 | struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask) | 35 | struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask) |
36 | { | 36 | { |
37 | unsigned char *p = skb->data; | 37 | unsigned char *p = skb->data; |
38 | unsigned int len = *p++; | 38 | unsigned int len; |
39 | 39 | ||
40 | *vc_fac_mask = 0; | 40 | *vc_fac_mask = 0; |
41 | 41 | ||
@@ -50,6 +50,14 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities, | |||
50 | memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae)); | 50 | memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae)); |
51 | memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae)); | 51 | memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae)); |
52 | 52 | ||
53 | if (skb->len < 1) | ||
54 | return 0; | ||
55 | |||
56 | len = *p++; | ||
57 | |||
58 | if (len >= skb->len) | ||
59 | return -1; | ||
60 | |||
53 | while (len > 0) { | 61 | while (len > 0) { |
54 | switch (*p & X25_FAC_CLASS_MASK) { | 62 | switch (*p & X25_FAC_CLASS_MASK) { |
55 | case X25_FAC_CLASS_A: | 63 | case X25_FAC_CLASS_A: |
@@ -247,6 +255,8 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk, | |||
247 | memcpy(new, ours, sizeof(*new)); | 255 | memcpy(new, ours, sizeof(*new)); |
248 | 256 | ||
249 | len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask); | 257 | len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask); |
258 | if (len < 0) | ||
259 | return len; | ||
250 | 260 | ||
251 | /* | 261 | /* |
252 | * They want reverse charging, we won't accept it. | 262 | * They want reverse charging, we won't accept it. |
@@ -259,9 +269,18 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk, | |||
259 | new->reverse = theirs.reverse; | 269 | new->reverse = theirs.reverse; |
260 | 270 | ||
261 | if (theirs.throughput) { | 271 | if (theirs.throughput) { |
262 | if (theirs.throughput < ours->throughput) { | 272 | int theirs_in = theirs.throughput & 0x0f; |
263 | SOCK_DEBUG(sk, "X.25: throughput negotiated down\n"); | 273 | int theirs_out = theirs.throughput & 0xf0; |
264 | new->throughput = theirs.throughput; | 274 | int ours_in = ours->throughput & 0x0f; |
275 | int ours_out = ours->throughput & 0xf0; | ||
276 | if (!ours_in || theirs_in < ours_in) { | ||
277 | SOCK_DEBUG(sk, "X.25: inbound throughput negotiated\n"); | ||
278 | new->throughput = (new->throughput & 0xf0) | theirs_in; | ||
279 | } | ||
280 | if (!ours_out || theirs_out < ours_out) { | ||
281 | SOCK_DEBUG(sk, | ||
282 | "X.25: outbound throughput negotiated\n"); | ||
283 | new->throughput = (new->throughput & 0x0f) | theirs_out; | ||
265 | } | 284 | } |
266 | } | 285 | } |
267 | 286 | ||
diff --git a/net/x25/x25_forward.c b/net/x25/x25_forward.c index 056a55f3a871..25a810793968 100644 --- a/net/x25/x25_forward.c +++ b/net/x25/x25_forward.c | |||
@@ -10,6 +10,7 @@ | |||
10 | */ | 10 | */ |
11 | #include <linux/if_arp.h> | 11 | #include <linux/if_arp.h> |
12 | #include <linux/init.h> | 12 | #include <linux/init.h> |
13 | #include <linux/slab.h> | ||
13 | #include <net/x25.h> | 14 | #include <net/x25.h> |
14 | 15 | ||
15 | LIST_HEAD(x25_forward_list); | 16 | LIST_HEAD(x25_forward_list); |
diff --git a/net/x25/x25_in.c b/net/x25/x25_in.c index 96d922783547..372ac226e648 100644 --- a/net/x25/x25_in.c +++ b/net/x25/x25_in.c | |||
@@ -23,6 +23,7 @@ | |||
23 | * i-frames. | 23 | * i-frames. |
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include <linux/slab.h> | ||
26 | #include <linux/errno.h> | 27 | #include <linux/errno.h> |
27 | #include <linux/kernel.h> | 28 | #include <linux/kernel.h> |
28 | #include <linux/string.h> | 29 | #include <linux/string.h> |
@@ -89,6 +90,7 @@ static int x25_queue_rx_frame(struct sock *sk, struct sk_buff *skb, int more) | |||
89 | static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametype) | 90 | static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametype) |
90 | { | 91 | { |
91 | struct x25_address source_addr, dest_addr; | 92 | struct x25_address source_addr, dest_addr; |
93 | int len; | ||
92 | 94 | ||
93 | switch (frametype) { | 95 | switch (frametype) { |
94 | case X25_CALL_ACCEPTED: { | 96 | case X25_CALL_ACCEPTED: { |
@@ -106,11 +108,17 @@ static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametyp | |||
106 | * Parse the data in the frame. | 108 | * Parse the data in the frame. |
107 | */ | 109 | */ |
108 | skb_pull(skb, X25_STD_MIN_LEN); | 110 | skb_pull(skb, X25_STD_MIN_LEN); |
109 | skb_pull(skb, x25_addr_ntoa(skb->data, &source_addr, &dest_addr)); | 111 | |
110 | skb_pull(skb, | 112 | len = x25_parse_address_block(skb, &source_addr, |
111 | x25_parse_facilities(skb, &x25->facilities, | 113 | &dest_addr); |
114 | if (len > 0) | ||
115 | skb_pull(skb, len); | ||
116 | |||
117 | len = x25_parse_facilities(skb, &x25->facilities, | ||
112 | &x25->dte_facilities, | 118 | &x25->dte_facilities, |
113 | &x25->vc_facil_mask)); | 119 | &x25->vc_facil_mask); |
120 | if (len > 0) | ||
121 | skb_pull(skb, len); | ||
114 | /* | 122 | /* |
115 | * Copy any Call User Data. | 123 | * Copy any Call User Data. |
116 | */ | 124 | */ |
diff --git a/net/x25/x25_link.c b/net/x25/x25_link.c index e4e1b6e49538..73e7b954ad28 100644 --- a/net/x25/x25_link.c +++ b/net/x25/x25_link.c | |||
@@ -24,6 +24,7 @@ | |||
24 | #include <linux/kernel.h> | 24 | #include <linux/kernel.h> |
25 | #include <linux/jiffies.h> | 25 | #include <linux/jiffies.h> |
26 | #include <linux/timer.h> | 26 | #include <linux/timer.h> |
27 | #include <linux/slab.h> | ||
27 | #include <linux/netdevice.h> | 28 | #include <linux/netdevice.h> |
28 | #include <linux/skbuff.h> | 29 | #include <linux/skbuff.h> |
29 | #include <asm/uaccess.h> | 30 | #include <asm/uaccess.h> |
diff --git a/net/x25/x25_out.c b/net/x25/x25_out.c index 2b96b52114d6..52351a26b6fc 100644 --- a/net/x25/x25_out.c +++ b/net/x25/x25_out.c | |||
@@ -22,6 +22,7 @@ | |||
22 | * needed cleaned seq-number fields. | 22 | * needed cleaned seq-number fields. |
23 | */ | 23 | */ |
24 | 24 | ||
25 | #include <linux/slab.h> | ||
25 | #include <linux/socket.h> | 26 | #include <linux/socket.h> |
26 | #include <linux/kernel.h> | 27 | #include <linux/kernel.h> |
27 | #include <linux/string.h> | 28 | #include <linux/string.h> |
diff --git a/net/x25/x25_route.c b/net/x25/x25_route.c index b95fae9ab393..97d77c532d8c 100644 --- a/net/x25/x25_route.c +++ b/net/x25/x25_route.c | |||
@@ -19,6 +19,7 @@ | |||
19 | 19 | ||
20 | #include <linux/if_arp.h> | 20 | #include <linux/if_arp.h> |
21 | #include <linux/init.h> | 21 | #include <linux/init.h> |
22 | #include <linux/slab.h> | ||
22 | #include <net/x25.h> | 23 | #include <net/x25.h> |
23 | 24 | ||
24 | LIST_HEAD(x25_route_list); | 25 | LIST_HEAD(x25_route_list); |
diff --git a/net/x25/x25_subr.c b/net/x25/x25_subr.c index 352b32d216fc..dc20cf12f39b 100644 --- a/net/x25/x25_subr.c +++ b/net/x25/x25_subr.c | |||
@@ -23,6 +23,7 @@ | |||
23 | * restriction on response. | 23 | * restriction on response. |
24 | */ | 24 | */ |
25 | 25 | ||
26 | #include <linux/slab.h> | ||
26 | #include <linux/kernel.h> | 27 | #include <linux/kernel.h> |
27 | #include <linux/string.h> | 28 | #include <linux/string.h> |
28 | #include <linux/skbuff.h> | 29 | #include <linux/skbuff.h> |