git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[MCAST] IPv6: Check packet size when process Multicast
[safe/jmp/linux-2.6] / net / ipv6 / udp.c
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index dbd18a9..bf95193 100644 (file)
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -99,7 +99,7 @@ static int udp_v6_get_port(struct sock *sk, unsigned short snum)
                next:;
                }
                result = best;
-               for(;; result += UDP_HTABLE_SIZE) {
+               for(i = 0; i < (1 << 16) / UDP_HTABLE_SIZE; i++, result += UDP_HTABLE_SIZE) {
                        if (result > sysctl_local_port_range[1])
                                result = sysctl_local_port_range[0]
                                        + ((result - sysctl_local_port_range[0]) &
@@ -107,6 +107,8 @@ static int udp_v6_get_port(struct sock *sk, unsigned short snum)
                        if (!udp_lport_inuse(result))
                                break;
                }
+               if (i >= (1 << 16) / UDP_HTABLE_SIZE)
+                       goto fail;
 gotit:
                udp_port_rover = snum = result;
        } else {
@@ -405,9 +407,8 @@ static struct sock *udp_v6_mcast_next(struct sock *sk,
                                continue;
 
                        if (!ipv6_addr_any(&np->rcv_saddr)) {
-                               if (ipv6_addr_equal(&np->rcv_saddr, loc_addr))
-                                       return s;
-                               continue;
+                               if (!ipv6_addr_equal(&np->rcv_saddr, loc_addr))
+                                       continue;
                        }
                        if(!inet6_mc_check(s, loc_addr, rmt_addr))
                                continue;
@@ -483,7 +484,7 @@ static int udpv6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
        }
 
        if (ulen < skb->len) {
-               if (__pskb_trim(skb, ulen))
+               if (pskb_trim_rcsum(skb, ulen))
                        goto discard;
                saddr = &skb->nh.ipv6h->saddr;
                daddr = &skb->nh.ipv6h->daddr;
@@ -640,6 +641,7 @@ static int udpv6_sendmsg(struct kiocb *iocb, struct sock *sk,
        int tclass = -1;
        int corkreq = up->corkflag || msg->msg_flags&MSG_MORE;
        int err;
+       int connected = 0;
 
        /* destination address check */
        if (sin6) {
@@ -749,6 +751,7 @@ do_udp_sendmsg:
                fl->fl_ip_dport = inet->dport;
                daddr = &np->daddr;
                fl->fl6_flowlabel = np->flow_label;
+               connected = 1;
        }
 
        if (!fl->oif)
@@ -771,6 +774,7 @@ do_udp_sendmsg:
                }
                if (!(opt->opt_nflen|opt->opt_flen))
                        opt = NULL;
+               connected = 0;
        }
        if (opt == NULL)
                opt = np->opt;
@@ -788,10 +792,13 @@ do_udp_sendmsg:
                ipv6_addr_copy(&final, &fl->fl6_dst);
                ipv6_addr_copy(&fl->fl6_dst, rt0->addr);
                final_p = &final;
+               connected = 0;
        }
 
-       if (!fl->oif && ipv6_addr_is_multicast(&fl->fl6_dst))
+       if (!fl->oif && ipv6_addr_is_multicast(&fl->fl6_dst)) {
                fl->oif = np->mcast_oif;
+               connected = 0;
+       }
 
        err = ip6_dst_lookup(sk, &dst, fl);
        if (err)
@@ -799,10 +806,8 @@ do_udp_sendmsg:
        if (final_p)
                ipv6_addr_copy(&fl->fl6_dst, final_p);
 
-       if ((err = xfrm_lookup(&dst, fl, sk, 0)) < 0) {
-               dst_release(dst);
+       if ((err = xfrm_lookup(&dst, fl, sk, 0)) < 0)
                goto out;
-       }
 
        if (hlimit < 0) {
                if (ipv6_addr_is_multicast(&fl->fl6_dst))
@@ -849,10 +854,16 @@ do_append_data:
        else if (!corkreq)
                err = udp_v6_push_pending_frames(sk, up);
 
-       if (dst)
-               ip6_dst_store(sk, dst,
-                             ipv6_addr_equal(&fl->fl6_dst, &np->daddr) ?
-                             &np->daddr : NULL);
+       if (dst) {
+               if (connected) {
+                       ip6_dst_store(sk, dst,
+                                     ipv6_addr_equal(&fl->fl6_dst, &np->daddr) ?
+                                     &np->daddr : NULL);
+               } else {
+                       dst_release(dst);
+               }
+       }
+
        if (err > 0)
                err = np->recverr ? net_xmit_errno(err) : 0;
        release_sock(sk);
Full containers within linux kernel