[patch 9/9] udplite: Protection against coverage value wrap-around

From: Greg KH
Date: Fri Jul 25 2008 - 19:13:56 EST

Next message: Adrian Bunk: "virtio header BSD licencing"
Previous message: Greg KH: "[patch 8/9] xfrm: fix fragmentation for ipv4 xfrm tunnel"
In reply to: Greg KH: "[patch 8/9] xfrm: fix fragmentation for ipv4 xfrm tunnel"
Next in thread: Grant Coady: "Re: [patch 0/9] 2.6.25-stable review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.25-stable review patch. If anyone has any objections, please let us
know.

------------------
From: Gerrit Renker <gerrit@xxxxxxxxxxxxxx>

[ Upstream commit 47112e25da41d9059626033986dc3353e101f815 ]

This patch clamps the cscov setsockopt values to a maximum of 0xFFFF.

Setsockopt values greater than 0xffff can cause an unwanted
wrap-around. Further, IPv6 jumbograms are not supported (RFC 3838,
3.5), so that values greater than 0xffff are not even useful.

Further changes: fixed a typo in the documentation.

[ Add USHORT_MAX from upstream to linux/kernel.h -DaveM ]

Signed-off-by: Gerrit Renker <gerrit@xxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
Documentation/networking/udplite.txt | 2 +-
include/linux/kernel.h | 1 +
net/ipv4/udp.c | 4 ++++
3 files changed, 6 insertions(+), 1 deletion(-)

--- a/Documentation/networking/udplite.txt
+++ b/Documentation/networking/udplite.txt
@@ -148,7 +148,7 @@
getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...);

is meaningless (as in TCP). Packets with a zero checksum field are
- illegal (cf. RFC 3828, sec. 3.1) will be silently discarded.
+ illegal (cf. RFC 3828, sec. 3.1) and will be silently discarded.

4) Fragmentation

--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -20,6 +20,7 @@
extern const char linux_banner[];
extern const char linux_proc_banner[];

+#define USHORT_MAX ((u16)(~0U))
#define INT_MAX ((int)(~0U>>1))
#define INT_MIN (-INT_MAX - 1)
#define UINT_MAX (~0U)
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1325,6 +1325,8 @@ int udp_lib_setsockopt(struct sock *sk,
return -ENOPROTOOPT;
if (val != 0 && val < 8) /* Illegal coverage: use default (8) */
val = 8;
+ else if (val > USHORT_MAX)
+ val = USHORT_MAX;
up->pcslen = val;
up->pcflag |= UDPLITE_SEND_CC;
break;
@@ -1337,6 +1339,8 @@ int udp_lib_setsockopt(struct sock *sk,
return -ENOPROTOOPT;
if (val != 0 && val < 8) /* Avoid silly minimal values. */
val = 8;
+ else if (val > USHORT_MAX)
+ val = USHORT_MAX;
up->pcrlen = val;
up->pcflag |= UDPLITE_RECV_CC;
break;

--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Adrian Bunk: "virtio header BSD licencing"
Previous message: Greg KH: "[patch 8/9] xfrm: fix fragmentation for ipv4 xfrm tunnel"
In reply to: Greg KH: "[patch 8/9] xfrm: fix fragmentation for ipv4 xfrm tunnel"
Next in thread: Grant Coady: "Re: [patch 0/9] 2.6.25-stable review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]