netdev.vger.kernel.org archive mirror
* [PATCH] IPV6: fix data offset calculation when pushing frag options {dst1opts|auth}
@ 2003-07-10 23:44 Thomas Graf
  2003-07-11  0:18 ` YOSHIFUJI Hideaki / 吉藤英明
  0 siblings, 1 reply; 7+ messages in thread
From: Thomas Graf @ 2003-07-10 23:44 UTC (permalink / raw)
  To: davem, jmorris, yoshfuji; +Cc: netdev, tgraf

Hello

ip6_append_data:
The offset in the datagram where the payload gets copied
to (transhdrlen) is not calculated correctly: the size
of frag opts {dst1opt|auth} is not taken into account.
This leads to the payload being overwritten by frag opts.

yoshfuji agreed on this.

patch is against 2.5.75

 -- thomas


Index: net/ipv6/ip6_output.c
===================================================================
RCS file: /cvs/tgr/linux-25/net/ipv6/ip6_output.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 ip6_output.c
--- net/ipv6/ip6_output.c	10 Jul 2003 22:58:50 -0000	1.1.1.2
+++ net/ipv6/ip6_output.c	10 Jul 2003 23:36:48 -0000
@@ -1247,11 +1247,9 @@
 		inet->cork.length = 0;
 		inet->sndmsg_page = NULL;
 		inet->sndmsg_off = 0;
-		if ((exthdrlen = rt->u.dst.header_len) != 0) {
-			length += exthdrlen;
-			transhdrlen += exthdrlen;
-		}
-		exthdrlen += opt ? opt->opt_flen : 0;
+		exthdrlen = rt->u.dst.header_len + opt ? opt->opt_flen : 0;
+		length += exthdrlen;
+		transhdrlen += exthdrlen;
 	} else {
 		rt = np->cork.rt;
 		if (inet->cork.flags & IPCORK_OPT)
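
Review bot: the added `exthdrlen = rt->u.dst.header_len + opt ? opt->opt_flen : 0;` is missing parentheses around the ternary. In C `+` binds tighter than `?:`, so this parses as `(rt->u.dst.header_len + opt) ? opt->opt_flen : 0`: header_len never reaches the result, and with opt NULL and header_len non-zero the condition can still be true, so opt->opt_flen is read through a NULL pointer. Write it as `exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0);`.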


* Re: [PATCH] IPV6: fix data offset calculation when pushing frag options {dst1opts|auth}
  2003-07-10 23:44 [PATCH] IPV6: fix data offset calculation when pushing frag options {dst1opts|auth} Thomas Graf
@ 2003-07-11  0:18 ` YOSHIFUJI Hideaki / 吉藤英明
  2003-07-11  0:24   ` YOSHIFUJI Hideaki / 吉藤英明
  2003-07-11  0:27   ` Thomas Graf
  0 siblings, 2 replies; 7+ messages in thread
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2003-07-11  0:18 UTC (permalink / raw)
  To: tgraf, davem, jmorris; +Cc: netdev

In article <20030710234449.GB30577@rei.rakuen> (at Fri, 11 Jul 2003 01:44:49 +0200), Thomas Graf <tgraf@suug.ch> says:

> yoshfuji agreed on this.

I agreed, but

> -		exthdrlen += opt ? opt->opt_flen : 0;
> +		exthdrlen = rt->u.dst.header_len + opt ? opt->opt_flen : 0;

Well, sorry, this was wrong.

D: fix offset of payload with extension header.
D: based on patch from Thomas Graf <tgraf@suug.ch>

Index: linux-2.5/net/ipv6/ip6_output.c
===================================================================
RCS file: /home/cvs/linux-2.5/net/ipv6/ip6_output.c,v
retrieving revision 1.33
diff -u -r1.33 ip6_output.c
--- linux-2.5/net/ipv6/ip6_output.c	9 Jul 2003 05:55:17 -0000	1.33
+++ linux-2.5/net/ipv6/ip6_output.c	10 Jul 2003 22:50:33 -0000
@@ -1247,11 +1247,9 @@
 		inet->cork.length = 0;
 		inet->sndmsg_page = NULL;
 		inet->sndmsg_off = 0;
-		if ((exthdrlen = rt->u.dst.header_len) != 0) {
-			length += exthdrlen;
-			transhdrlen += exthdrlen;
-		}
-		exthdrlen += opt ? opt->opt_flen : 0;
+		exthdrlen += rt->u.dst.header_len + (opt ? opt->opt_flen : 0);
+		length += exthdrlen;
+		transhdrlen += exthdrlen;
 	} else {
 		rt = np->cork.rt;
 		if (inet->cork.flags & IPCORK_OPT)
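
Review bot: `exthdrlen +=` on the first added line reads exthdrlen before anything in this branch has assigned it; the removed lines set it with `=` from rt->u.dst.header_len, and that assignment is now gone. Use a plain `=` so that length and transhdrlen are not advanced by whatever value exthdrlen held before.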

--yoshfuji


* Re: [PATCH] IPV6: fix data offset calculation when pushing frag options {dst1opts|auth}
  2003-07-11  0:24   ` YOSHIFUJI Hideaki / 吉藤英明
@ 2003-07-11  0:18     ` David S. Miller
  0 siblings, 0 replies; 7+ messages in thread
From: David S. Miller @ 2003-07-11  0:18 UTC (permalink / raw)
  To: yoshfuji; +Cc: tgraf, jmorris, netdev

   From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org>
   Date: Fri, 11 Jul 2003 09:24:35 +0900 (JST)

   In article <20030711.091814.128467921.yoshfuji@linux-ipv6.org> (at Fri, 11 Jul 2003 09:18:14 +0900 (JST)), YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> says:
   
   > D: fix offset of payload with extension header.
   > D: based on patch from Thomas Graf <tgraf@suug.ch>
   
   Oops, that's wrong again; please use this instead...

Applied, thanks.


* Re: [PATCH] IPV6: fix data offset calculation when pushing frag options {dst1opts|auth}
  2003-07-11  0:27   ` Thomas Graf
@ 2003-07-11  0:22     ` David S. Miller
  2003-07-11  0:32       ` Thomas Graf
  0 siblings, 1 reply; 7+ messages in thread
From: David S. Miller @ 2003-07-11  0:22 UTC (permalink / raw)
  To: tgraf; +Cc: yoshfuji, jmorris, netdev

   From: Thomas Graf <tgraf@suug.ch>
   Date: Fri, 11 Jul 2003 02:27:13 +0200

   * yoshfuji@linux-ipv6.org wrote:
   > +		exthdrlen += rt->u.dst.header_len + (opt ? opt->opt_flen : 0);
   
   exthdrlen is uninitialized.
   
Yoshfuji already fixed this, see his followup.


* Re: [PATCH] IPV6: fix data offset calculation when pushing frag options {dst1opts|auth}
  2003-07-11  0:18 ` YOSHIFUJI Hideaki / 吉藤英明
@ 2003-07-11  0:24   ` YOSHIFUJI Hideaki / 吉藤英明
  2003-07-11  0:18     ` David S. Miller
  2003-07-11  0:27   ` Thomas Graf
  1 sibling, 1 reply; 7+ messages in thread
From: YOSHIFUJI Hideaki / 吉藤英明 @ 2003-07-11  0:24 UTC (permalink / raw)
  To: tgraf, davem, jmorris; +Cc: netdev

In article <20030711.091814.128467921.yoshfuji@linux-ipv6.org> (at Fri, 11 Jul 2003 09:18:14 +0900 (JST)), YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@linux-ipv6.org> says:

> D: fix offset of payload with extension header.
> D: based on patch from Thomas Graf <tgraf@suug.ch>

Oops, that's wrong again; please use this instead...

Index: linux-2.5/net/ipv6/ip6_output.c
===================================================================
RCS file: /home/cvs/linux-2.5/net/ipv6/ip6_output.c,v
retrieving revision 1.33
diff -u -r1.33 ip6_output.c
--- linux-2.5/net/ipv6/ip6_output.c	9 Jul 2003 05:55:17 -0000	1.33
+++ linux-2.5/net/ipv6/ip6_output.c	10 Jul 2003 23:02:56 -0000
@@ -1247,11 +1247,9 @@
 		inet->cork.length = 0;
 		inet->sndmsg_page = NULL;
 		inet->sndmsg_off = 0;
-		if ((exthdrlen = rt->u.dst.header_len) != 0) {
-			length += exthdrlen;
-			transhdrlen += exthdrlen;
-		}
-		exthdrlen += opt ? opt->opt_flen : 0;
+		exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0);
+		length += exthdrlen;
+		transhdrlen += exthdrlen;
 	} else {
 		rt = np->cork.rt;
 		if (inet->cork.flags & IPCORK_OPT)
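
Review bot: the added `exthdrlen =` line folds two different lengths into one variable without a comment, and its correctness depends on the parentheses around the ternary. A one-line comment above it stating that exthdrlen is the dst header_len plus the frag opts length (opt_flen), and that both are now added to length and transhdrlen unconditionally, would keep a later cleanup from dropping the parentheses or bringing back the `header_len != 0` special case that the removed lines had.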

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA


* Re: [PATCH] IPV6: fix data offset calculation when pushing frag options {dst1opts|auth}
  2003-07-11  0:18 ` YOSHIFUJI Hideaki / 吉藤英明
  2003-07-11  0:24   ` YOSHIFUJI Hideaki / 吉藤英明
@ 2003-07-11  0:27   ` Thomas Graf
  2003-07-11  0:22     ` David S. Miller
  1 sibling, 1 reply; 7+ messages in thread
From: Thomas Graf @ 2003-07-11  0:27 UTC (permalink / raw)
  To: YOSHIFUJI Hideaki / 吉藤英明; +Cc: davem, jmorris, netdev

* yoshfuji@linux-ipv6.org wrote:
> +		exthdrlen += rt->u.dst.header_len + (opt ? opt->opt_flen : 0);

exthdrlen is uninitialized.

New patch:

Index: net/ipv6/ip6_output.c
===================================================================
RCS file: /cvs/tgr/linux-25/net/ipv6/ip6_output.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 ip6_output.c
--- net/ipv6/ip6_output.c	10 Jul 2003 22:58:50 -0000	1.1.1.2
+++ net/ipv6/ip6_output.c	10 Jul 2003 23:36:48 -0000
@@ -1247,11 +1247,9 @@
 		inet->cork.length = 0;
 		inet->sndmsg_page = NULL;
 		inet->sndmsg_off = 0;
-		if ((exthdrlen = rt->u.dst.header_len) != 0) {
-			length += exthdrlen;
-			transhdrlen += exthdrlen;
-		}
-		exthdrlen += opt ? opt->opt_flen : 0;
+		exthdrlen = rt->u.dst.header_len + (opt ? opt->opt_flen : 0);
+		length += exthdrlen;
+		transhdrlen += exthdrlen;
 	} else {
 		rt = np->cork.rt;
 		if (inet->cork.flags & IPCORK_OPT)
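
Review bot: the resend does not say what changed from the first posting; the message above the diff is only "New patch:". The difference is confined to the added `exthdrlen =` line, which now has the ternary parenthesized as `(opt ? opt->opt_flen : 0)`, so a short changelog line saying so would let the maintainer see at a glance why this version replaces the earlier one.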


* Re: [PATCH] IPV6: fix data offset calculation when pushing frag options {dst1opts|auth}
  2003-07-11  0:22     ` David S. Miller
@ 2003-07-11  0:32       ` Thomas Graf
  0 siblings, 0 replies; 7+ messages in thread
From: Thomas Graf @ 2003-07-11  0:32 UTC (permalink / raw)
  To: David S. Miller; +Cc: yoshfuji, jmorris, netdev

* davem@redhat.com wrote:
>    From: Thomas Graf <tgraf@suug.ch>
>    Date: Fri, 11 Jul 2003 02:27:13 +0200
> 
>    * yoshfuji@linux-ipv6.org wrote:
>    > +		exthdrlen += rt->u.dst.header_len + (opt ? opt->opt_flen : 0);
>    
>    exthdrlen is uninitialized.
>    
> Yoshfuji already fixed this, see his followup.

Yep, received that mail while writing the last one ;)

 -- thomas
