From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
Jake Edge <jake@lwn.net>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Gerrit Renker <gerrit@erg.abdn.ac.uk>,
"David S. Miller" <davem@davemloft.net>
Subject: [patch 9/9] udplite: Protection against coverage value wrap-around
Date: Fri, 25 Jul 2008 16:07:38 -0700 [thread overview]
Message-ID: <20080725230738.GJ1612@suse.de> (raw)
In-Reply-To: <20080725230644.GA1612@suse.de>
[-- Attachment #1: 0009-udplite-Protection-against-coverage-value-wrap-arou.patch --]
[-- Type: text/plain, Size: 2234 bytes --]
2.6.25-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Gerrit Renker <gerrit@erg.abdn.ac.uk>
[ Upstream commit 47112e25da41d9059626033986dc3353e101f815 ]
This patch clamps the cscov setsockopt values to a maximum of 0xFFFF.
Setsockopt values greater than 0xffff can cause an unwanted
wrap-around. Further, IPv6 jumbograms are not supported (RFC 3838,
3.5), so that values greater than 0xffff are not even useful.
Further changes: fixed a typo in the documentation.
[ Add USHORT_MAX from upstream to linux/kernel.h -DaveM ]
Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
Documentation/networking/udplite.txt | 2 +-
include/linux/kernel.h | 1 +
net/ipv4/udp.c | 4 ++++
3 files changed, 6 insertions(+), 1 deletion(-)
--- a/Documentation/networking/udplite.txt
+++ b/Documentation/networking/udplite.txt
@@ -148,7 +148,7 @@
getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...);
is meaningless (as in TCP). Packets with a zero checksum field are
- illegal (cf. RFC 3828, sec. 3.1) will be silently discarded.
+ illegal (cf. RFC 3828, sec. 3.1) and will be silently discarded.
4) Fragmentation
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -20,6 +20,7 @@
extern const char linux_banner[];
extern const char linux_proc_banner[];
+#define USHORT_MAX ((u16)(~0U))
#define INT_MAX ((int)(~0U>>1))
#define INT_MIN (-INT_MAX - 1)
#define UINT_MAX (~0U)
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1325,6 +1325,8 @@ int udp_lib_setsockopt(struct sock *sk,
return -ENOPROTOOPT;
if (val != 0 && val < 8) /* Illegal coverage: use default (8) */
val = 8;
+ else if (val > USHORT_MAX)
+ val = USHORT_MAX;
up->pcslen = val;
up->pcflag |= UDPLITE_SEND_CC;
break;
@@ -1337,6 +1339,8 @@ int udp_lib_setsockopt(struct sock *sk,
return -ENOPROTOOPT;
if (val != 0 && val < 8) /* Avoid silly minimal values. */
val = 8;
+ else if (val > USHORT_MAX)
+ val = USHORT_MAX;
up->pcrlen = val;
up->pcflag |= UDPLITE_RECV_CC;
break;
--
next prev parent reply other threads:[~2008-07-25 23:13 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080725225425.193966072@mini.kroah.org>
2008-07-25 23:06 ` [patch 0/9] 2.6.25-stable review Greg KH
2008-07-25 23:07 ` [patch 1/9] hdlcdrv: Fix CRC calculation Greg KH
2008-07-25 23:07 ` [patch 2/9] ipv6: __KERNEL__ ifdef struct ipv6_devconf Greg KH
2008-07-25 23:07 ` [patch 3/9] ipv6: use timer pending Greg KH
2008-07-25 23:07 ` [patch 4/9] l2tp: Fix potential memory corruption in pppol2tp_recvmsg() Greg KH
2008-07-25 23:07 ` [patch 5/9] net pppoe: Check packet length on all receive paths Greg KH
2008-07-25 23:07 ` [patch 6/9] pppoe: Unshare skb before anything else Greg KH
2008-07-25 23:07 ` [patch 7/9] raw: Restore /proc/net/raw correct behavior Greg KH
2008-07-25 23:07 ` [patch 8/9] xfrm: fix fragmentation for ipv4 xfrm tunnel Greg KH
2008-07-25 23:07 ` Greg KH [this message]
2008-07-26 2:54 ` [patch 0/9] 2.6.25-stable review Grant Coady
2008-07-26 3:44 ` Greg KH
2008-07-26 4:07 ` Richard A Nelson
2008-07-26 5:08 ` [stable] " Greg KH
2008-07-26 6:27 ` Henrique de Moraes Holschuh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080725230738.GJ1612@suse.de \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=davem@davemloft.net \
--cc=gerrit@erg.abdn.ac.uk \
--cc=jake@lwn.net \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=rbranco@la.checkpoint.com \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=w@1wt.eu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox