aboutsummaryrefslogtreecommitdiffstats
path: root/net/x25
diff options
context:
space:
mode:
Diffstat (limited to 'net/x25')
-rw-r--r--net/x25/af_x25.c68
-rw-r--r--net/x25/x25_dev.c1
-rw-r--r--net/x25/x25_facilities.c27
-rw-r--r--net/x25/x25_forward.c1
-rw-r--r--net/x25/x25_in.c16
-rw-r--r--net/x25/x25_link.c1
-rw-r--r--net/x25/x25_out.c1
-rw-r--r--net/x25/x25_route.c1
-rw-r--r--net/x25/x25_subr.c1
9 files changed, 104 insertions, 13 deletions
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 9796f3ed1edb..cbddd0cb83f1 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -47,6 +47,7 @@
47#include <linux/netdevice.h> 47#include <linux/netdevice.h>
48#include <linux/if_arp.h> 48#include <linux/if_arp.h>
49#include <linux/skbuff.h> 49#include <linux/skbuff.h>
50#include <linux/slab.h>
50#include <net/sock.h> 51#include <net/sock.h>
51#include <net/tcp_states.h> 52#include <net/tcp_states.h>
52#include <asm/uaccess.h> 53#include <asm/uaccess.h>
@@ -82,6 +83,41 @@ struct compat_x25_subscrip_struct {
82}; 83};
83#endif 84#endif
84 85
86
87int x25_parse_address_block(struct sk_buff *skb,
88 struct x25_address *called_addr,
89 struct x25_address *calling_addr)
90{
91 unsigned char len;
92 int needed;
93 int rc;
94
95 if (skb->len < 1) {
96 /* packet has no address block */
97 rc = 0;
98 goto empty;
99 }
100
101 len = *skb->data;
102 needed = 1 + (len >> 4) + (len & 0x0f);
103
104 if (skb->len < needed) {
105 /* packet is too short to hold the addresses it claims
106 to hold */
107 rc = -1;
108 goto empty;
109 }
110
111 return x25_addr_ntoa(skb->data, called_addr, calling_addr);
112
113empty:
114 *called_addr->x25_addr = 0;
115 *calling_addr->x25_addr = 0;
116
117 return rc;
118}
119
120
85int x25_addr_ntoa(unsigned char *p, struct x25_address *called_addr, 121int x25_addr_ntoa(unsigned char *p, struct x25_address *called_addr,
86 struct x25_address *calling_addr) 122 struct x25_address *calling_addr)
87{ 123{
@@ -553,7 +589,8 @@ static int x25_create(struct net *net, struct socket *sock, int protocol,
553 x25->facilities.winsize_out = X25_DEFAULT_WINDOW_SIZE; 589 x25->facilities.winsize_out = X25_DEFAULT_WINDOW_SIZE;
554 x25->facilities.pacsize_in = X25_DEFAULT_PACKET_SIZE; 590 x25->facilities.pacsize_in = X25_DEFAULT_PACKET_SIZE;
555 x25->facilities.pacsize_out = X25_DEFAULT_PACKET_SIZE; 591 x25->facilities.pacsize_out = X25_DEFAULT_PACKET_SIZE;
556 x25->facilities.throughput = X25_DEFAULT_THROUGHPUT; 592 x25->facilities.throughput = 0; /* by default don't negotiate
593 throughput */
557 x25->facilities.reverse = X25_DEFAULT_REVERSE; 594 x25->facilities.reverse = X25_DEFAULT_REVERSE;
558 x25->dte_facilities.calling_len = 0; 595 x25->dte_facilities.calling_len = 0;
559 x25->dte_facilities.called_len = 0; 596 x25->dte_facilities.called_len = 0;
@@ -921,16 +958,26 @@ int x25_rx_call_request(struct sk_buff *skb, struct x25_neigh *nb,
921 /* 958 /*
922 * Extract the X.25 addresses and convert them to ASCII strings, 959 * Extract the X.25 addresses and convert them to ASCII strings,
923 * and remove them. 960 * and remove them.
961 *
962 * Address block is mandatory in call request packets
924 */ 963 */
925 addr_len = x25_addr_ntoa(skb->data, &source_addr, &dest_addr); 964 addr_len = x25_parse_address_block(skb, &source_addr, &dest_addr);
965 if (addr_len <= 0)
966 goto out_clear_request;
926 skb_pull(skb, addr_len); 967 skb_pull(skb, addr_len);
927 968
928 /* 969 /*
929 * Get the length of the facilities, skip past them for the moment 970 * Get the length of the facilities, skip past them for the moment
930 * get the call user data because this is needed to determine 971 * get the call user data because this is needed to determine
931 * the correct listener 972 * the correct listener
973 *
974 * Facilities length is mandatory in call request packets
932 */ 975 */
976 if (skb->len < 1)
977 goto out_clear_request;
933 len = skb->data[0] + 1; 978 len = skb->data[0] + 1;
979 if (skb->len < len)
980 goto out_clear_request;
934 skb_pull(skb,len); 981 skb_pull(skb,len);
935 982
936 /* 983 /*
@@ -1414,9 +1461,20 @@ static int x25_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
1414 if (facilities.winsize_in < 1 || 1461 if (facilities.winsize_in < 1 ||
1415 facilities.winsize_in > 127) 1462 facilities.winsize_in > 127)
1416 break; 1463 break;
1417 if (facilities.throughput < 0x03 || 1464 if (facilities.throughput) {
1418 facilities.throughput > 0xDD) 1465 int out = facilities.throughput & 0xf0;
1419 break; 1466 int in = facilities.throughput & 0x0f;
1467 if (!out)
1468 facilities.throughput |=
1469 X25_DEFAULT_THROUGHPUT << 4;
1470 else if (out < 0x30 || out > 0xD0)
1471 break;
1472 if (!in)
1473 facilities.throughput |=
1474 X25_DEFAULT_THROUGHPUT;
1475 else if (in < 0x03 || in > 0x0D)
1476 break;
1477 }
1420 if (facilities.reverse && 1478 if (facilities.reverse &&
1421 (facilities.reverse & 0x81) != 0x81) 1479 (facilities.reverse & 0x81) != 0x81)
1422 break; 1480 break;
diff --git a/net/x25/x25_dev.c b/net/x25/x25_dev.c
index 52e304212241..b9ef682230a0 100644
--- a/net/x25/x25_dev.c
+++ b/net/x25/x25_dev.c
@@ -20,6 +20,7 @@
20#include <linux/kernel.h> 20#include <linux/kernel.h>
21#include <linux/netdevice.h> 21#include <linux/netdevice.h>
22#include <linux/skbuff.h> 22#include <linux/skbuff.h>
23#include <linux/slab.h>
23#include <net/sock.h> 24#include <net/sock.h>
24#include <linux/if_arp.h> 25#include <linux/if_arp.h>
25#include <net/x25.h> 26#include <net/x25.h>
diff --git a/net/x25/x25_facilities.c b/net/x25/x25_facilities.c
index a21f6646eb3a..771bab00754b 100644
--- a/net/x25/x25_facilities.c
+++ b/net/x25/x25_facilities.c
@@ -35,7 +35,7 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
35 struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask) 35 struct x25_dte_facilities *dte_facs, unsigned long *vc_fac_mask)
36{ 36{
37 unsigned char *p = skb->data; 37 unsigned char *p = skb->data;
38 unsigned int len = *p++; 38 unsigned int len;
39 39
40 *vc_fac_mask = 0; 40 *vc_fac_mask = 0;
41 41
@@ -50,6 +50,14 @@ int x25_parse_facilities(struct sk_buff *skb, struct x25_facilities *facilities,
50 memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae)); 50 memset(dte_facs->called_ae, '\0', sizeof(dte_facs->called_ae));
51 memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae)); 51 memset(dte_facs->calling_ae, '\0', sizeof(dte_facs->calling_ae));
52 52
53 if (skb->len < 1)
54 return 0;
55
56 len = *p++;
57
58 if (len >= skb->len)
59 return -1;
60
53 while (len > 0) { 61 while (len > 0) {
54 switch (*p & X25_FAC_CLASS_MASK) { 62 switch (*p & X25_FAC_CLASS_MASK) {
55 case X25_FAC_CLASS_A: 63 case X25_FAC_CLASS_A:
@@ -247,6 +255,8 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
247 memcpy(new, ours, sizeof(*new)); 255 memcpy(new, ours, sizeof(*new));
248 256
249 len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask); 257 len = x25_parse_facilities(skb, &theirs, dte, &x25->vc_facil_mask);
258 if (len < 0)
259 return len;
250 260
251 /* 261 /*
252 * They want reverse charging, we won't accept it. 262 * They want reverse charging, we won't accept it.
@@ -259,9 +269,18 @@ int x25_negotiate_facilities(struct sk_buff *skb, struct sock *sk,
259 new->reverse = theirs.reverse; 269 new->reverse = theirs.reverse;
260 270
261 if (theirs.throughput) { 271 if (theirs.throughput) {
262 if (theirs.throughput < ours->throughput) { 272 int theirs_in = theirs.throughput & 0x0f;
263 SOCK_DEBUG(sk, "X.25: throughput negotiated down\n"); 273 int theirs_out = theirs.throughput & 0xf0;
264 new->throughput = theirs.throughput; 274 int ours_in = ours->throughput & 0x0f;
275 int ours_out = ours->throughput & 0xf0;
276 if (!ours_in || theirs_in < ours_in) {
277 SOCK_DEBUG(sk, "X.25: inbound throughput negotiated\n");
278 new->throughput = (new->throughput & 0xf0) | theirs_in;
279 }
280 if (!ours_out || theirs_out < ours_out) {
281 SOCK_DEBUG(sk,
282 "X.25: outbound throughput negotiated\n");
283 new->throughput = (new->throughput & 0x0f) | theirs_out;
265 } 284 }
266 } 285 }
267 286
diff --git a/net/x25/x25_forward.c b/net/x25/x25_forward.c
index 056a55f3a871..25a810793968 100644
--- a/net/x25/x25_forward.c
+++ b/net/x25/x25_forward.c
@@ -10,6 +10,7 @@
10 */ 10 */
11#include <linux/if_arp.h> 11#include <linux/if_arp.h>
12#include <linux/init.h> 12#include <linux/init.h>
13#include <linux/slab.h>
13#include <net/x25.h> 14#include <net/x25.h>
14 15
15LIST_HEAD(x25_forward_list); 16LIST_HEAD(x25_forward_list);
diff --git a/net/x25/x25_in.c b/net/x25/x25_in.c
index 96d922783547..372ac226e648 100644
--- a/net/x25/x25_in.c
+++ b/net/x25/x25_in.c
@@ -23,6 +23,7 @@
23 * i-frames. 23 * i-frames.
24 */ 24 */
25 25
26#include <linux/slab.h>
26#include <linux/errno.h> 27#include <linux/errno.h>
27#include <linux/kernel.h> 28#include <linux/kernel.h>
28#include <linux/string.h> 29#include <linux/string.h>
@@ -89,6 +90,7 @@ static int x25_queue_rx_frame(struct sock *sk, struct sk_buff *skb, int more)
89static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametype) 90static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametype)
90{ 91{
91 struct x25_address source_addr, dest_addr; 92 struct x25_address source_addr, dest_addr;
93 int len;
92 94
93 switch (frametype) { 95 switch (frametype) {
94 case X25_CALL_ACCEPTED: { 96 case X25_CALL_ACCEPTED: {
@@ -106,11 +108,17 @@ static int x25_state1_machine(struct sock *sk, struct sk_buff *skb, int frametyp
106 * Parse the data in the frame. 108 * Parse the data in the frame.
107 */ 109 */
108 skb_pull(skb, X25_STD_MIN_LEN); 110 skb_pull(skb, X25_STD_MIN_LEN);
109 skb_pull(skb, x25_addr_ntoa(skb->data, &source_addr, &dest_addr)); 111
110 skb_pull(skb, 112 len = x25_parse_address_block(skb, &source_addr,
111 x25_parse_facilities(skb, &x25->facilities, 113 &dest_addr);
114 if (len > 0)
115 skb_pull(skb, len);
116
117 len = x25_parse_facilities(skb, &x25->facilities,
112 &x25->dte_facilities, 118 &x25->dte_facilities,
113 &x25->vc_facil_mask)); 119 &x25->vc_facil_mask);
120 if (len > 0)
121 skb_pull(skb, len);
114 /* 122 /*
115 * Copy any Call User Data. 123 * Copy any Call User Data.
116 */ 124 */
diff --git a/net/x25/x25_link.c b/net/x25/x25_link.c
index e4e1b6e49538..73e7b954ad28 100644
--- a/net/x25/x25_link.c
+++ b/net/x25/x25_link.c
@@ -24,6 +24,7 @@
24#include <linux/kernel.h> 24#include <linux/kernel.h>
25#include <linux/jiffies.h> 25#include <linux/jiffies.h>
26#include <linux/timer.h> 26#include <linux/timer.h>
27#include <linux/slab.h>
27#include <linux/netdevice.h> 28#include <linux/netdevice.h>
28#include <linux/skbuff.h> 29#include <linux/skbuff.h>
29#include <asm/uaccess.h> 30#include <asm/uaccess.h>
diff --git a/net/x25/x25_out.c b/net/x25/x25_out.c
index 2b96b52114d6..52351a26b6fc 100644
--- a/net/x25/x25_out.c
+++ b/net/x25/x25_out.c
@@ -22,6 +22,7 @@
22 * needed cleaned seq-number fields. 22 * needed cleaned seq-number fields.
23 */ 23 */
24 24
25#include <linux/slab.h>
25#include <linux/socket.h> 26#include <linux/socket.h>
26#include <linux/kernel.h> 27#include <linux/kernel.h>
27#include <linux/string.h> 28#include <linux/string.h>
diff --git a/net/x25/x25_route.c b/net/x25/x25_route.c
index b95fae9ab393..97d77c532d8c 100644
--- a/net/x25/x25_route.c
+++ b/net/x25/x25_route.c
@@ -19,6 +19,7 @@
19 19
20#include <linux/if_arp.h> 20#include <linux/if_arp.h>
21#include <linux/init.h> 21#include <linux/init.h>
22#include <linux/slab.h>
22#include <net/x25.h> 23#include <net/x25.h>
23 24
24LIST_HEAD(x25_route_list); 25LIST_HEAD(x25_route_list);
diff --git a/net/x25/x25_subr.c b/net/x25/x25_subr.c
index 352b32d216fc..dc20cf12f39b 100644
--- a/net/x25/x25_subr.c
+++ b/net/x25/x25_subr.c
@@ -23,6 +23,7 @@
23 * restriction on response. 23 * restriction on response.
24 */ 24 */
25 25
26#include <linux/slab.h>
26#include <linux/kernel.h> 27#include <linux/kernel.h>
27#include <linux/string.h> 28#include <linux/string.h>
28#include <linux/skbuff.h> 29#include <linux/skbuff.h>