[GIT PULL nf-next] Second round of IPVS Updates for v3.19

[GIT PULL nf-next] Second round of IPVS Updates for v3.19

[Simon Horman]

Hi Pablo,

please consider these IPVS updates for v3.19 or alternatively v3.20.

The single patch in this series fixes a long standing bug that
has not caused any trouble and thus is not being prioritised as a fix.


The following changes since commit d6b00fec5dbbe976904b4d77e7d4f9493df5c2ec:

  macvlan: play well with ipvlan device (2014-12-09 16:10:06 -0500)

are available in the git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git tags/ipvs2-for-v3.19

for you to fetch changes up to 3b05ac3824ed9648c0d9c02d51d9b54e4e7e874f:

  ipvs: uninitialized data with IP_VS_IPV6 (2014-12-10 17:36:47 +0900)

----------------------------------------------------------------
Dan Carpenter (1):
      ipvs: uninitialized data with IP_VS_IPV6

 net/netfilter/ipvs/ip_vs_ftp.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

[PATCH nf-next] ipvs: uninitialized data with IP_VS_IPV6

[Simon Horman]

From: Dan Carpenter <dan.carpenter@oracle.com>

The app_tcp_pkt_out() function expects "*diff" to be set and ends up
using uninitialized data if CONFIG_IP_VS_IPV6 is turned on.

The same issue is there in app_tcp_pkt_in().  Thanks to Julian Anastasov
for noticing that.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
 net/netfilter/ipvs/ip_vs_ftp.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index 1d5341f..5d3daae 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -183,6 +183,8 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
 	struct nf_conn *ct;
 	struct net *net;
 
+	*diff = 0;
+
 #ifdef CONFIG_IP_VS_IPV6
 	/* This application helper doesn't work with IPv6 yet,
 	 * so turn this into a no-op for IPv6 packets
@@ -191,8 +193,6 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
 		return 1;
 #endif
 
-	*diff = 0;
-
 	/* Only useful for established sessions */
 	if (cp->state != IP_VS_TCP_S_ESTABLISHED)
 		return 1;
@@ -322,6 +322,9 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
 	struct ip_vs_conn *n_cp;
 	struct net *net;
 
+	/* no diff required for incoming packets */
+	*diff = 0;
+
 #ifdef CONFIG_IP_VS_IPV6
 	/* This application helper doesn't work with IPv6 yet,
 	 * so turn this into a no-op for IPv6 packets
@@ -330,9 +333,6 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
 		return 1;
 #endif
 
-	/* no diff required for incoming packets */
-	*diff = 0;
-
 	/* Only useful for established sessions */
 	if (cp->state != IP_VS_TCP_S_ESTABLISHED)
 		return 1;
-- 
2.1.3

Re: [GIT PULL nf-next] Second round of IPVS Updates for v3.19

[Pablo Neira Ayuso]

On Wed, Dec 10, 2014 at 05:46:40PM +0900, Simon Horman wrote:
> Hi Pablo,
> 
> please consider these IPVS updates for v3.19 or alternatively v3.20.
> 
> The single patch in this series fixes a long standing bug that
> has not caused any trouble and thus is not being prioritised as a fix.
> 
> 
> The following changes since commit d6b00fec5dbbe976904b4d77e7d4f9493df5c2ec:
> 
>   macvlan: play well with ipvlan device (2014-12-09 16:10:06 -0500)
> 
> are available in the git repository at:
> 
>   https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git tags/ipvs2-for-v3.19

Pulled, thanks Simon.

This applies cleanly to:

3.2.x
3.4.x
3.10.x
3.14.x
3.17.x
3.18.x

Please, let me know if this patch has some non obvious dependencies
that needs to be fulfilled before passing it to -stable or it's plain
fine to pass it on.