Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ce4a7d0d authored by Arnaldo Carvalho de Melo's avatar Arnaldo Carvalho de Melo Committed by David S. Miller
Browse files

inet{6}_request_sock: Init ->opt and ->pktopts in the constructor 



Wei Yongjun noticed that we may call reqsk_free on request sock objects where
the opt fields may not be initialized, fix it by introducing inet_reqsk_alloc
where we initialize ->opt to NULL and set ->pktopts to NULL in
inet6_reqsk_alloc.

Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 45d465bc

include/linux/ipv6.h

+3 −1
Original line number Diff line number Diff line
@@ -396,8 +396,10 @@ static inline struct request_sock *inet6_reqsk_alloc(struct request_sock_ops *op 
{

	struct request_sock *req = reqsk_alloc(ops);



	if (req != NULL)

	if (req != NULL) {

		inet_rsk(req)->inet6_rsk_offset = inet6_rsk_offset(req);

		inet6_rsk(req)->pktopts = NULL;

	}



	return req;

}

include/net/inet_sock.h

+10 −0
Original line number Diff line number Diff line
@@ -197,4 +197,14 @@ static inline int inet_iif(const struct sk_buff *skb) 
	return skb->rtable->rt_iif;

}



static inline struct request_sock *inet_reqsk_alloc(struct request_sock_ops *ops)

{

	struct request_sock *req = reqsk_alloc(ops);



	if (req != NULL)

		inet_rsk(req)->opt = NULL;



	return req;

}



#endif	/* _INET_SOCK_H */

net/dccp/ipv4.c

+1 −2
Original line number Diff line number Diff line
@@ -589,7 +589,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb) 
	if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)

		goto drop;



	req = reqsk_alloc(&dccp_request_sock_ops);

	req = inet_reqsk_alloc(&dccp_request_sock_ops);

	if (req == NULL)

		goto drop;
@@ -605,7 +605,6 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb) 
	ireq = inet_rsk(req);

	ireq->loc_addr = ip_hdr(skb)->daddr;

	ireq->rmt_addr = ip_hdr(skb)->saddr;

	ireq->opt	= NULL;



	/*

	 * Step 3: Process LISTEN state

net/dccp/ipv6.c

+0 −1
Original line number Diff line number Diff line
@@ -421,7 +421,6 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb) 
	ireq6 = inet6_rsk(req);

	ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);

	ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);

	ireq6->pktopts	= NULL;



	if (ipv6_opt_accepted(sk, skb) ||

	    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||

net/ipv4/syncookies.c

+1 −2
Original line number Diff line number Diff line
@@ -285,7 +285,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, 
		cookie_check_timestamp(&tcp_opt);



	ret = NULL;

	req = reqsk_alloc(&tcp_request_sock_ops); /* for safety */

	req = inet_reqsk_alloc(&tcp_request_sock_ops); /* for safety */

	if (!req)

		goto out;
@@ -301,7 +301,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, 
	ireq->rmt_port		= th->source;

	ireq->loc_addr		= ip_hdr(skb)->daddr;

	ireq->rmt_addr		= ip_hdr(skb)->saddr;

	ireq->opt		= NULL;

	ireq->snd_wscale	= tcp_opt.snd_wscale;

	ireq->rcv_wscale	= tcp_opt.rcv_wscale;

	ireq->sack_ok		= tcp_opt.sack_ok;