From: Willy Tarreau <w@1wt.eu>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Greg Kroah-Hartman <gregkh@suse.de>
Subject: [2.6.20.21 review 34/35] Fix datagram recvmsg NULL iov handling regression.
Date: Sat, 13 Oct 2007 17:28:56 +0200 [thread overview]
Message-ID: <20071013143513.%N@1wt.eu> (raw)
In-Reply-To: 20071013142822.%N@1wt.eu
[-- Attachment #1: 0100-Fix-datagram-recvmsg-NULL-iov-handling-regression.patch --]
[-- Type: text/plain, Size: 1084 bytes --]
commit ef8aef55ce61fd0e2af798695f7386ac756ae1e7 in mainline
Subject: [2.6.20.21 review 34/35] [PATCH] [NET]: Do not dereference iov if length is zero
When msg_iovlen is zero we shouldn't try to dereference
msg_iov. Right now the only thing that tries to do so
is skb_copy_and_csum_datagram_iovec. Since the total
length should also be zero if msg_iovlen is zero, it's
sufficient to check the total length there and simply
return if it's zero.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/core/datagram.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
Index: 2.6/net/core/datagram.c
===================================================================
--- 2.6.orig/net/core/datagram.c
+++ 2.6/net/core/datagram.c
@@ -444,6 +444,9 @@ int skb_copy_and_csum_datagram_iovec(str
__wsum csum;
int chunk = skb->len - hlen;
+ if (!chunk)
+ return 0;
+
/* Skip filled elements.
* Pretty silly, look at memcpy_toiovec, though 8)
*/
--
next prev parent reply other threads:[~2007-10-13 14:55 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-13 14:28 [2.6.20.21 review 00/35] 2.6.20.21 -stable review Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 01/35] ACPICA: Fixed possible corruption of global GPE list Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 02/35] AVR32: Fix atomic_add_unless() and atomic_sub_unless() Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 03/35] r8169: avoid needless NAPI poll scheduling Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 04/35] i386: allow debuggers to access the vsyscall page with compat vDSO Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 05/35] DCCP: Fix DCCP GFP_KERNEL allocation in atomic context Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 06/35] Netfilter: Missing Kbuild entry for netfilter Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 07/35] SNAP: Fix SNAP protocol header accesses Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 09/35] SPARC64: Fix sparc64 task stack traces Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 10/35] TCP: Do not autobind ports for TCP sockets Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 11/35] TCP: Fix TCP rate-halving on bidirectional flows Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 13/35] USB: allow retry on descriptor fetch errors Willy Tarreau
2007-10-13 17:15 ` [2.6.20.21 review 12/35] TCP: Fix TCP handling of SACK in bidirectional flows Ilpo Järvinen
2007-10-13 17:22 ` Willy Tarreau
2007-10-13 17:50 ` Adrian Bunk
2007-10-13 18:10 ` Willy Tarreau
2007-10-14 8:55 ` Ilpo Järvinen
2007-10-13 15:28 ` [2.6.20.21 review 14/35] USB: fix DoS in pwc USB video driver Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 15/35] Convert snd-page-alloc proc file to use seq_file Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 16/35] setpgid(child) fails if the child was forked by sub-thread Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 17/35] sigqueue_free: fix the race with collect_signal() Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 18/35] USB: fix linked list insertion bugfix for usb core Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 19/35] POWERPC: Flush registers to proper task context Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 21/35] V4L: cx88: Avoid a NULL pointer dereference during mpeg_open() Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 22/35] Fix "Fix DAC960 driver on machines which dont support 64-bit DMA" Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 23/35] futex_compat: fix list traversal bugs Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 24/35] Leases can be hidden by flocks Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 25/35] nfs: fix oops re sysctls and V4 support Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 26/35] dir_index: error out instead of BUG on corrupt dx dirs Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 27/35] ieee1394: ohci1394: fix initialization if built non-modular Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 28/35] Fix race with shared tag queue maps Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 29/35] crypto: blkcipher_get_spot() handling of buffer at end of page Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 30/35] fix realtek phy id in forcedeth Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 31/35] Fix IPV6 append OOPS Willy Tarreau
2007-10-13 15:28 ` [2.6.20.21 review 33/35] Fix ipv6 double-sock-release with MSG_CONFIRM Willy Tarreau
2007-10-13 15:28 ` Willy Tarreau [this message]
2007-10-13 15:28 ` [2.6.20.21 review 35/35] sysfs: store sysfs inode nrs in s_ino to avoid readdir oopses Willy Tarreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071013143513.%N@1wt.eu \
--to=w@1wt.eu \
--cc=davem@davemloft.net \
--cc=gregkh@suse.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.