* [PATCH][IPV6] fix clearing in ah6 input
@ 2003-08-06 7:28 Kazunori Miyazawa
2003-08-08 4:47 ` David S. Miller
0 siblings, 1 reply; 2+ messages in thread
From: Kazunori Miyazawa @ 2003-08-06 7:28 UTC (permalink / raw)
To: davem, kuznet; +Cc: netdev, usagi, latten
Hello,
This patch fixes zero-clear in ah6_input.
If calling pskb_expand_head, the kernel clears wrong memory.
This patch is against linux-2.6.0-test2
Best regards,
diff -ruN a/net/ipv6/ah6.c b/net/ipv6/ah6.c
--- a/net/ipv6/ah6.c 2003-07-28 02:05:05.000000000 +0900
+++ b/net/ipv6/ah6.c 2003-08-06 12:57:19.000000000 +0900
@@ -262,13 +262,12 @@
* There is offset of AH before IPv6 header after the process.
*/
- struct ipv6hdr *iph = skb->nh.ipv6h;
struct ipv6_auth_hdr *ah;
struct ah_data *ahp;
unsigned char *tmp_hdr = NULL;
- u16 hdr_len = skb->data - skb->nh.raw;
+ u16 hdr_len;
u16 ah_hlen;
- u16 cleared_hlen = hdr_len;
+ u16 cleared_hlen;
u16 nh_offset = 0;
u8 nexthdr = 0;
u8 *prevhdr;
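Review bot: `hdr_len` and `cleared_hlen` are now declared without initializers, and the first `pskb_may_pull(skb, sizeof(struct ip_auth_hdr))` check can `goto out` before either is assigned. Please confirm that nothing under the `out` label reads them, or keep a `= 0` initializer on both so the error path stays well defined. Since `cleared_hlen` is only ever a copy of `hdr_len` in the lines shown, one of the two could also be dropped.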
@@ -276,6 +275,14 @@
if (!pskb_may_pull(skb, sizeof(struct ip_auth_hdr)))
goto out;
+ /* We are going to _remove_ AH header to keep sockets happy,
+ * so... Later this can change. */
+ if (skb_cloned(skb) &&
+ pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
+ goto out;
+
+ hdr_len = skb->data - skb->nh.raw;
+ cleared_hlen = hdr_len;
ah = (struct ipv6_auth_hdr*)skb->data;
ahp = x->data;
nexthdr = ah->nexthdr;
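Review bot: `ah = (struct ipv6_auth_hdr*)skb->data;` is still taken before the second `pskb_may_pull(skb, ah_hlen)` in the next hunk, and that call can also reallocate the header when the requested bytes are not in the linear area. Unless `ah` is reloaded in the lines not shown here, the later `ah->auth_data` accesses have the same stale-pointer problem this patch removes for `iph`; reloading `ah` from `skb->data` after that pull would close it. The moved comment also still only explains why the skb is unshared; a sentence saying that pointers into the header must be taken after `pskb_expand_head` would keep the ordering from being undone later.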
@@ -294,27 +301,22 @@
if (!pskb_may_pull(skb, ah_hlen))
goto out;
- /* We are going to _remove_ AH header to keep sockets happy,
- * so... Later this can change. */
- if (skb_cloned(skb) &&
- pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
- goto out;
-
tmp_hdr = kmalloc(cleared_hlen, GFP_ATOMIC);
if (!tmp_hdr)
goto out;
memcpy(tmp_hdr, skb->nh.raw, cleared_hlen);
ipv6_clear_mutable_options(skb, &nh_offset, XFRM_POLICY_IN);
- iph->priority = 0;
- iph->flow_lbl[0] = 0;
- iph->flow_lbl[1] = 0;
- iph->flow_lbl[2] = 0;
- iph->hop_limit = 0;
+ skb->nh.ipv6h->priority = 0;
+ skb->nh.ipv6h->flow_lbl[0] = 0;
+ skb->nh.ipv6h->flow_lbl[1] = 0;
+ skb->nh.ipv6h->flow_lbl[2] = 0;
+ skb->nh.ipv6h->hop_limit = 0;
{
u8 auth_data[ahp->icv_trunc_len];
memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
+ memset(ah->auth_data, 0, ahp->icv_trunc_len);
skb_push(skb, skb->data - skb->nh.raw);
ahp->icv(ahp, skb, ah->auth_data);
if (memcmp(ah->auth_data, auth_data, ahp->icv_trunc_len)) {
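Review bot: the added `memset(ah->auth_data, 0, ahp->icv_trunc_len);` before `ahp->icv(...)` is a second behavioural change that the commit message does not mention; the description only covers the `pskb_expand_head` case. Please state in the changelog that the received ICV field is now zeroed before the digest is computed, or split it into its own patch, so the two fixes can be reviewed and backported separately. The replacement of the cached `iph` with `skb->nh.ipv6h` at each store looks right for the stated problem.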
* Re: [PATCH][IPV6] fix clearing in ah6 input
From: David S. Miller @ 2003-08-08 4:47 UTC (permalink / raw)
To: Kazunori Miyazawa; +Cc: kuznet, netdev, usagi, latten
On Wed, 6 Aug 2003 16:28:08 +0900
Kazunori Miyazawa <kazunori@miyazawa.org> wrote:
> This patch fixes zero-clear in ah6_input.
> If calling pskb_expand_head, the kernel clears wrong memory.
Patch applied, thank you very much.