From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
Jake Edge <jake@lwn.net>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Gerrit Renker <gerrit@erg.abdn.ac.uk>,
"David S. Miller" <davem@davemloft.net>
Subject: [patch 9/9] udplite: Protection against coverage value wrap-around
Date: Fri, 25 Jul 2008 16:07:38 -0700 [thread overview]
Message-ID: <20080725230738.GJ1612@suse.de> (raw)
In-Reply-To: <20080725230644.GA1612@suse.de>
[-- Attachment #1: 0009-udplite-Protection-against-coverage-value-wrap-arou.patch --]
[-- Type: text/plain, Size: 2234 bytes --]
2.6.25-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Gerrit Renker <gerrit@erg.abdn.ac.uk>
[ Upstream commit 47112e25da41d9059626033986dc3353e101f815 ]
This patch clamps the cscov setsockopt values to a maximum of 0xFFFF.
Setsockopt values greater than 0xffff can cause an unwanted
wrap-around. Further, IPv6 jumbograms are not supported (RFC 3838,
3.5), so that values greater than 0xffff are not even useful.
Further changes: fixed a typo in the documentation.
[ Add USHORT_MAX from upstream to linux/kernel.h -DaveM ]
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
Documentation/networking/udplite.txt | 2 +-
include/linux/kernel.h | 1 +
net/ipv4/udp.c | 4 ++++
3 files changed, 6 insertions(+), 1 deletion(-)
--- a/Documentation/networking/udplite.txt
+++ b/Documentation/networking/udplite.txt
@@ -148,7 +148,7 @@
getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...);
is meaningless (as in TCP). Packets with a zero checksum field are
- illegal (cf. RFC 3828, sec. 3.1) will be silently discarded.
+ illegal (cf. RFC 3828, sec. 3.1) and will be silently discarded.
4) Fragmentation
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -20,6 +20,7 @@
extern const char linux_banner[];
extern const char linux_proc_banner[];
+#define USHORT_MAX ((u16)(~0U))
#define INT_MAX ((int)(~0U>>1))
#define INT_MIN (-INT_MAX - 1)
#define UINT_MAX (~0U)
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1325,6 +1325,8 @@ int udp_lib_setsockopt(struct sock *sk,
return -ENOPROTOOPT;
if (val != 0 && val < 8) /* Illegal coverage: use default (8) */
val = 8;
+ else if (val > USHORT_MAX)
+ val = USHORT_MAX;
up->pcslen = val;
up->pcflag |= UDPLITE_SEND_CC;
break;
@@ -1337,6 +1339,8 @@ int udp_lib_setsockopt(struct sock *sk,
return -ENOPROTOOPT;
if (val != 0 && val < 8) /* Avoid silly minimal values. */
val = 8;
+ else if (val > USHORT_MAX)
+ val = USHORT_MAX;
up->pcrlen = val;
up->pcflag |= UDPLITE_RECV_CC;
break;
--
next prev parent reply other threads:[~2008-07-25 23:13 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080725225425.193966072@mini.kroah.org>
2008-07-25 23:06 ` [patch 0/9] 2.6.25-stable review Greg KH
2008-07-25 23:07 ` [patch 1/9] hdlcdrv: Fix CRC calculation Greg KH
2008-07-25 23:07 ` [patch 2/9] ipv6: __KERNEL__ ifdef struct ipv6_devconf Greg KH
2008-07-25 23:07 ` [patch 3/9] ipv6: use timer pending Greg KH
2008-07-25 23:07 ` [patch 4/9] l2tp: Fix potential memory corruption in pppol2tp_recvmsg() Greg KH
2008-07-25 23:07 ` [patch 5/9] net pppoe: Check packet length on all receive paths Greg KH
2008-07-25 23:07 ` [patch 6/9] pppoe: Unshare skb before anything else Greg KH
2008-07-25 23:07 ` [patch 7/9] raw: Restore /proc/net/raw correct behavior Greg KH
2008-07-25 23:07 ` [patch 8/9] xfrm: fix fragmentation for ipv4 xfrm tunnel Greg KH
2008-07-25 23:07 ` Greg KH [this message]
2008-07-26 2:54 ` [patch 0/9] 2.6.25-stable review Grant Coady
2008-07-26 3:44 ` Greg KH
2008-07-26 4:07 ` Richard A Nelson
2008-07-26 5:08 ` [stable] " Greg KH
2008-07-26 6:27 ` Henrique de Moraes Holschuh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080725230738.GJ1612@suse.de \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=davem@davemloft.net \
--cc=gerrit@erg.abdn.ac.uk \
--cc=jake@lwn.net \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=rbranco@la.checkpoint.com \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=w@1wt.eu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.