projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 29a3cad)
ipv4: Correct comparisons and calculations using skb->tail and skb-transport_header
authorSimon Horman <horms@verge.net.au>
Tue, 28 May 2013 20:34:27 +0000 (20:34 +0000)
committerDavid S. Miller <davem@davemloft.net>
Wed, 29 May 2013 06:49:07 +0000 (23:49 -0700)
This corrects an regression introduced by "net: Use 16bits for *_headers
fields of struct skbuff" when NET_SKBUFF_DATA_USES_OFFSET is not set. In
that case skb->tail will be a pointer whereas skb->transport_header
will be an offset from head. This is corrected by using wrappers that
ensure that comparisons and calculations are always made using pointers.

Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/icmp.c patch | blob | history
net/ipv4/igmp.c patch | blob | history
net/ipv4/tcp.c patch | blob | history

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 562efd91f457f324335ec6ee75ff469d28266d72..5d0d379b0152d76df92f2cfaaf60799358d5191e 100644 (file)
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -503,7 +503,8 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
        iph = ip_hdr(skb_in);
 
        if ((u8 *)iph < skb_in->head ||
-           (skb_in->network_header + sizeof(*iph)) > skb_in->tail)
+           (skb_network_header(skb_in) + sizeof(*iph)) >
+           skb_tail_pointer(skb_in))
                goto out;
 
        /*
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index d8c232794bcb4bc995f850cabf42ac7bc8eac37a..450f625361e4bf181f2ffab6137a57668e8d9eea 100644 (file)
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -363,7 +363,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
 static int igmpv3_sendpack(struct sk_buff *skb)
 {
        struct igmphdr *pig = igmp_hdr(skb);
-       const int igmplen = skb->tail - skb->transport_header;
+       const int igmplen = skb_tail_pointer(skb) - skb_transport_header(skb);
 
        pig->csum = ip_compute_csum(igmp_hdr(skb), igmplen);
 
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index ba4186e1dca98518a427f14e53c3650b83843fb8..1f58594d5a853beec0ded42c7b41d3946b3faee0 100644 (file)
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2989,7 +2989,8 @@ struct sk_buff *tcp_tso_segment(struct sk_buff *skb,
                swap(gso_skb->truesize, skb->truesize);
        }
 
-       delta = htonl(oldlen + (skb->tail - skb->transport_header) +
+       delta = htonl(oldlen + (skb_tail_pointer(skb) -
+                               skb_transport_header(skb)) +
                      skb->data_len);
        th->check = ~csum_fold((__force __wsum)((__force u32)th->check +
                                (__force u32)delta));
John Crispins staging tree