
Commit ce4a7d0

acmeldavem330
authored andcommitted
inet{6}_request_sock: Init ->opt and ->pktopts in the constructor
Wei Yongjun noticed that we may call reqsk_free on request sock objects where the opt fields may not be initialized, fix it by introducing inet_reqsk_alloc where we initialize ->opt to NULL and set ->pktopts to NULL in inet6_reqsk_alloc. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 45d465b commit ce4a7d0


8 files changed

+16
-9
lines changed


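--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -396,8 +396,10 @@ static inline struct request_sock *inet6_reqsk_alloc(struct request_sock_ops *op
 {
 struct request_sock *req = reqsk_alloc(ops);
 
-if (req != NULL)
+if (req != NULL) {
 inet_rsk(req)->inet6_rsk_offset = inet6_rsk_offset(req);
+inet6_rsk(req)->pktopts = NULL;
+}
 
 return req;
 }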
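Review bot: `inet6_reqsk_alloc()` still allocates through plain `reqsk_alloc(ops)` (context line 397), so IPv6 request socks get `->pktopts` cleared here but never receive the `inet_rsk(req)->opt = NULL` that the new `inet_reqsk_alloc()` in include/net/inet_sock.h performs. Whether any free path for these objects reads `->opt` is not visible in this diff, but leaving one of the two pointers uninitialized keeps the same kind of free-of-an-uninitialized-pointer bug possible. I would change the allocation to `struct request_sock *req = inet_reqsk_alloc(ops);` so both fields are set in one place; this assumes inet_sock.h is already in scope in this header, which the existing `inet_rsk()` call suggests but should be confirmed. The function's signature appears only in the hunk header.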

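--- a/include/net/inet_sock.h
+++ b/include/net/inet_sock.h
@@ -197,4 +197,14 @@ static inline int inet_iif(const struct sk_buff *skb)
 return skb->rtable->rt_iif;
 }
 
+static inline struct request_sock *inet_reqsk_alloc(struct request_sock_ops *ops)
+{
+struct request_sock *req = reqsk_alloc(ops);
+
+if (req != NULL)
+inet_rsk(req)->opt = NULL;
+
+return req;
+}
+
 #endif /* _INET_SOCK_H */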
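Review bot: The new `inet_reqsk_alloc()` carries no comment stating why `->opt` must be NULL at allocation time, and that invariant is what lets the later hunks delete the per-caller `ireq->opt = NULL;` assignments. Going by the commit message, `reqsk_free()` can run on a request sock before its option fields are assigned, so I would add above the function `/* Clear ->opt at allocation: reqsk_free() may run on an error path before the caller assigns it. */`. It is also worth checking for remaining direct `reqsk_alloc()` callers on inet request socks outside this diff, since they bypass this initialisation.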

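--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -589,7 +589,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
 goto drop;
 
-req = reqsk_alloc(&dccp_request_sock_ops);
+req = inet_reqsk_alloc(&dccp_request_sock_ops);
 if (req == NULL)
 goto drop;
 
@@ -605,7 +605,6 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
 ireq = inet_rsk(req);
 ireq->loc_addr = ip_hdr(skb)->daddr;
 ireq->rmt_addr = ip_hdr(skb)->saddr;
-ireq->opt = NULL;
 
 /*
 * Step 3: Process LISTEN state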

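--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -421,7 +421,6 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 ireq6 = inet6_rsk(req);
 ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);
 ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);
-ireq6->pktopts = NULL;
 
 if (ipv6_opt_accepted(sk, skb) ||
 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||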

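--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -285,7 +285,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
 cookie_check_timestamp(&tcp_opt);
 
 ret = NULL;
-req = reqsk_alloc(&tcp_request_sock_ops); /* for safety */
+req = inet_reqsk_alloc(&tcp_request_sock_ops); /* for safety */
 if (!req)
 goto out;
 
@@ -301,7 +301,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
 ireq->rmt_port = th->source;
 ireq->loc_addr = ip_hdr(skb)->daddr;
 ireq->rmt_addr = ip_hdr(skb)->saddr;
-ireq->opt = NULL;
 ireq->snd_wscale = tcp_opt.snd_wscale;
 ireq->rcv_wscale = tcp_opt.rcv_wscale;
 ireq->sack_ok = tcp_opt.sack_ok;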

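--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1285,7 +1285,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
 goto drop;
 
-req = reqsk_alloc(&tcp_request_sock_ops);
+req = inet_reqsk_alloc(&tcp_request_sock_ops);
 if (!req)
 goto drop;
 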

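--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -198,7 +198,6 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
 ireq = inet_rsk(req);
 ireq6 = inet6_rsk(req);
 treq = tcp_rsk(req);
-ireq6->pktopts = NULL;
 
 if (security_inet_conn_request(sk, skb, req)) {
 reqsk_free(req);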

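--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1299,7 +1299,6 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 treq = inet6_rsk(req);
 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
-treq->pktopts = NULL;
 if (!want_cookie)
 TCP_ECN_create_request(req, tcp_hdr(skb));
 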
