Commit 534f81a5 authored Mar 23, 2009 by Mark H. Weaver Committed by Patrick McHardy Mar 23, 2009

netfilter: nf_conntrack_tcp: fix unaligned memory access in tcp_sack



This patch fixes an unaligned memory access in tcp_sack while reading
sequence numbers from TCP selective acknowledgement options.  Prior to
applying this patch, upstream linux-2.6.27.20 was occasionally
generating messages like this on my sparc64 system:

  [54678.532071] Kernel unaligned access at TPC[6b17d4] tcp_packet+0xcd4/0xd00

Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>

parent d1238d53

net/netfilter/nf_conntrack_proto_tcp.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -15,6 +15,7 @@
		#include <linux/skbuff.h>
		#include <linux/ipv6.h>
		#include <net/ip6_checksum.h>
		#include <asm/unaligned.h>

		#include <net/tcp.h>

		@@ -466,7 +467,7 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
		for (i = 0;
		i < (opsize - TCPOLEN_SACK_BASE);
		i += TCPOLEN_SACK_PERBLOCK) {
		tmp = ntohl(((__be32 )(ptr+i)+1));
		tmp = get_unaligned_be32((__be32 *)(ptr+i)+1);

		if (after(tmp, *sack))
		*sack = tmp;