Commit Graph

3943 Commits

Author SHA1 Message Date
Herbert Xu
e0e8f1c822 [IPSEC] flow: Fix potential memory leak
When old flow cache entries that are not at the head of their chain
trigger a transient security error they get unlinked along with all
the entries preceding them in the chain.  The preceding entries are
not freed correctly.

This patch fixes this by simply leaving the entry around.  It's based
on a suggestion by Venkat Yekkirala.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-23 20:25:39 -08:00
Stephen Hemminger
65ebe63420 [PATCH] email change for shemminger@osdl.org
Change my email address to reflect OSDL merger.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
[ The irony. Somebody still has his sign-off message hardcoded
  in a script or his brainstem ;^]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-01-23 14:18:49 -08:00
Jarek Poplawski
483479ecc5 [IPV4] devinet: inetdev_init out label moved after RCU assignment
inetdev_init out label moved after RCU assignment
(final suggestion by Herbert Xu)

Signed-off-by: Jarek Poplawski <jarkao2@o2.pl>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-09 14:38:31 -08:00
Paul Moore
469de9b90f [INET]: style updates for the inet_sock->is_icsk assignment fix
A quick patch to change the inet_sock->is_icsk assignment to better fit with
existing kernel coding style.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-09 14:37:06 -08:00
Vlad Yasevich
4a1c0107bc [SCTP]: Fix err_hdr assignment in sctp_init_cause.
The subh->err_hdr should point to the error header, not the data.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-09 14:35:51 -08:00
Patrick McHardy
ffed53d25b [NETFILTER]: nf_nat: fix hanging connections when loading the NAT module
When loading the NAT module, existing connection tracking entries don't
have room for NAT information allocated and packets are dropped, causing
hanging connections. They really should be entered into the NAT table
as NULL mappings, but the current allocation scheme doesn't allow this.

For now simply accept those packets to avoid the hanging connections.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-09 14:33:49 -08:00
Patrick McHardy
f9f02cca25 [NETFILTER]: nf_conntrack_ipv6: fix crash when handling fragments
When IPv6 connection tracking splits up a defragmented packet into
its original fragments, the packets are taken from a list and are
passed to the network stack with skb->next still set. This causes
dev_hard_start_xmit to treat them as GSO fragments, resulting in
a use after free when connection tracking handles the next fragment.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-09 14:32:41 -08:00
Craig Schlenter
cb48cfe807 [TCP]: Fix iov_len calculation in tcp_v4_send_ack().
This fixes the ftp stalls present in the current kernels.

All credit goes to Komuro <komurojun-mbn@nifty.com> for tracking
this down. The patch is untested but it looks *cough* obviously
correct.

Signed-off-by: Craig Schlenter <craig@codefountain.com>
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-09 00:30:08 -08:00
Patrick McHardy
88044c8c96 [NETFILTER]: nf_conntrack_netbios_ns: fix uninitialized member in expectation
->helper is uninitialized in the expectation registered by the netbios_ns
helper and it later copied to the expected connection, which causes invalid
memory dereferences when trying to call the helper.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-09 00:30:07 -08:00
Paul Moore
2a2f11c227 NetLabel: correct CIPSO tag handling when adding new DOI definitions
The current netlbl_cipsov4_add_common() function has two problems which are
fixed with this patch.  The first is an off-by-one bug where it is possibile to
overflow the doi_def->tags[] array.  The second is a bug where the same
doi_def->tags[] array was not always fully initialized, which caused sporadic
failures.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2007-01-09 00:30:01 -08:00
Marcel Holtmann
c893779e9f [Bluetooth] Handle device registration failures
In the case the device registration for a new Bluetooth low-level
connection fails there is no need to unregister it when the temporary
data structure has been removed.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09 00:29:56 -08:00
Marcel Holtmann
4d6a2188bd [Bluetooth] Fix uninitialized return value for RFCOMM sendmsg()
When calling send() with a zero length parameter on a RFCOMM socket
it returns a positive value. In this rare case the variable err is
used uninitialized and unfortunately its value is returned.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09 00:29:55 -08:00
Marcel Holtmann
b6e557fbf1 [Bluetooth] More checks if DLC is still attached to the TTY
If the DLC device is no longer attached to the TTY device, then return
errors or default values for various callbacks of the TTY layer.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09 00:29:54 -08:00
Marcel Holtmann
f477756920 [Bluetooth] Add packet size checks for CAPI messages
With malformed packets it might be possible to overwrite internal
CMTP and CAPI data structures. This patch adds additional length
checks to prevent these kinds of remote attacks.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2007-01-09 00:29:53 -08:00
Andrew Hendry
d2e7543c41 [X25]: Trivial, SOCK_DEBUG's in x25_facilities missing newlines
Trivial. Newlines missing on the SOCK_DEBUG's for X.25 facility
negotiation.

Signed-off-by: Andrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-09 00:29:52 -08:00
Paul Moore
cbbd7d4f36 [INET]: Fix incorrect "inet_sock->is_icsk" assignment.
The inet_create() and inet6_create() functions incorrectly set the
inet_sock->is_icsk field.  Both functions assume that the is_icsk field is
large enough to hold at least a INET_PROTOSW_ICSK value when it is actually
only a single bit.  This patch corrects the assignment by doing a boolean
comparison whose result will safely fit into a single bit field.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-09 00:29:51 -08:00
David L Stevens
30c4cf577f [IPV4/IPV6]: Fix inet{,6} device initialization order.
It is important that we only assign dev->ip{,6}_ptr
only after all portions of the inet{,6} are setup.

Otherwise we can receive packets before the multicast
spinlocks et al. are initialized.

Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-04 12:31:14 -08:00
Chuck Ebbert
44f9a2fdc4 [NETFILTER]: ebtables: don't compute gap before checking struct type
We cannot compute the gap until we know we have a 'struct ebt_entry' and
not 'struct ebt_entries'.  Failure to check can cause crash.

Tested-by: Santiago Garcia Mantinan <manty@manty.net>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Chuck Ebbert <76306.1226@compuserve.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-04 12:17:44 -08:00
Martin Josefsson
bbdc176a2f [NETFILTER]: nf_nat: fix MASQUERADE crash on device down
Check the return value of nfct_nat() in device_cmp(), we might very well
have non NAT conntrack entries as well (Netfilter bugzilla #528).

Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-04 12:16:54 -08:00
Patrick McHardy
c9386cfddc [NETFILTER]: New connection tracking is not EXPERIMENTAL anymore
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-04 12:16:06 -08:00
Patrick McHardy
c68b8b687f [NETFILTER]: Fix routing of REJECT target generated packets in output chain
Packets generated by the REJECT target in the output chain have a local
destination address and a foreign source address. Make sure not to use
the foreign source address for the output route lookup.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-04 12:15:34 -08:00
Dmitry Mishin
e5b5ef7d2b [NETFILTER]: compat offsets size change
Used by compat code offsets of entries should be 'unsigned int' as entries
array size has this dimension.

Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-04 12:14:41 -08:00
Adrian Bunk
7f18ba6248 [X25]: proper prototype for x25_init_timers()
This patch adds a proper prototype for x25_init_timers() in 
include/net/x25.h

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-03 18:48:13 -08:00
Mariusz Kozlowski
5e7c001c62 [AF_NETLINK]: module_put cleanup
This patch removes redundant argument check for module_put().

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-03 18:38:15 -08:00
Christoph Hellwig
22e7005023 [XFRM_USER]: avoid pointless void ** casts
All ->doit handlers want a struct rtattr **, so pass down the right
type.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-03 18:38:13 -08:00
Alexey Dobriyan
9c2440bbe8 [NETFILTER] xt_hashlimit.c: fix typo
Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-03 18:38:12 -08:00
David S. Miller
ee74baa7d8 [PKTGEN]: Convert to kthread API.
Based upon a suggestion from Christoph Hellwig.

This fixes various races in module load/unload handling
too.

Signed-off-by: David S. Miller <davem@davemloft.net>
2007-01-03 18:38:09 -08:00
Martin Willi
b836267aa7 [XFRM]: Algorithm lookup using .compat name
Installing an IPsec SA using old algorithm names (.compat) does not work
if the algorithm is not already loaded. When not using the PF_KEY
interface, algorithms are not preloaded in xfrm_probe_algs() and
installing a IPsec SA fails.

Signed-off-by: Martin Willi <martin@strongswan.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-31 14:06:51 -08:00
Jeff Garzik
3a960f7e35 Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 into upstream-fixes 2006-12-26 16:38:31 -05:00
David S. Miller
5c668704b7 [UDP]: Fix reversed logic in udp_get_port().
When this code was converted to use sk_for_each() the
logic for the "best hash chain length" code was reversed,
breaking everything.

The original code was of the form:

			size = 0;
			do {
				if (++size >= best_size_so_far)
					goto next;
			} while ((sk = sk->next) != NULL);
			best_size_so_far = size;
			best = result;
		next:;

and this got converted into:

			sk_for_each(sk2, node, head)
				if (++size < best_size_so_far) {
					best_size_so_far = size;
					best = result;
				}

Which does something very very different from the original.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-22 11:42:26 -08:00
Adrian Bunk
24123186fa [SCTP]: make 2 functions static
This patch makes the following needlessly global functions static:
- ipv6.c: sctp_inet6addr_event()
- protocol.c: sctp_inetaddr_event()

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-22 11:12:05 -08:00
Ivan Skytte Jorgensen
0f3fffd8ab [SCTP]: Fix typo adaption -> adaptation as per the latest API draft.
Signed-off-by: Ivan Skytte Jorgensen <isj-sctp@i1.dk>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-22 11:12:04 -08:00
Paul Moore
caff5b6a6b NetLabel: correctly fill in unused CIPSOv4 level and category mappings
Back when the original NetLabel patches were being changed to use Netlink
attributes correctly some code was accidentially dropped which set all of the
undefined CIPSOv4 level and category mappings to a sentinel value.  The result
is the mappings data in the kernel contains bogus mappings which always map to
zero.  This patch restores the old/correct behavior by initializing the mapping
data to the correct sentinel value.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2006-12-22 11:11:58 -08:00
Paul Moore
1fd2a25b77 NetLabel: perform input validation earlier on CIPSOv4 DOI add ops
There are a couple of cases where the user input for a CIPSOv4 DOI add
operation was not being done soon enough; the result was unexpected behavior
which was resulting in oops/panics/lockups on some platforms.  This patch moves
the existing input validation code earlier in the code path to protect against
bogus user input.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2006-12-22 11:11:56 -08:00
Akinobu Mita
fadfc8e930 [PATCH] gss_spkm3: fix error handling in module init
Return error and prevent from loading module when gss_mech_register()
failed.

Cc: Andy Adamson <andros@citi.umich.edu>
Cc: J. Bruce Fields <bfields@citi.umich.edu>
Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-22 08:55:49 -08:00
Ulrich Kunitz
0c234ae655 [PATCH] ieee80211softmac: Fix mutex_lock at exit of ieee80211_softmac_get_genie
ieee80211softmac_wx_get_genie locks the associnfo mutex at
function exit. This patch fixes it. The patch is against Linus'
tree (commit af1713e0).

Signed-off-by: Ulrich Kunitz <kune@deine-taler.de>
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-12-19 16:19:45 -05:00
Ulrich Kunitz
6f07a8a3eb [PATCH] ieee80211softmac: Fix errors related to the work_struct changes
The signature of work functions changed recently from a context
pointer to the work structure pointer. This caused a problem in
the ieee80211softmac code, because the ieee80211softmac_assox_work
function has  been called directly with a parameter explicitly
casted to (void*). This compiled correctly but resulted in a
softlock, because mutex_lock was called with the wrong memory
address. The patch fixes the problem. Another issue was a wrong
call of the schedule_work function. Softmac works again and this
fixes the problem I mentioned earlier in the zd1211rw rx tasklet
patch. The patch is against Linus' tree (commit af1713e0).

Signed-off-by: Ulrich Kunitz <kune@deine-taler.de>
Acked-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2006-12-19 16:16:15 -05:00
Li Yewang
14fb8a7647 [IPV4]: Fix BUG of ip_rt_send_redirect()
Fix the redirect packet of the router if the jiffies wraparound.

Signed-off-by: Li Yewang <lyw@nanjing-fnst.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-18 00:26:35 -08:00
Leigh Brown
a9fc00cca8 [TCP]: Trivial fix to message in tcp_v4_inbound_md5_hash
The message logged in tcp_v4_inbound_md5_hash when the hash was expected
but not found was reversed.

Signed-off-by: Leigh Brown <leigh@solinno.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:26 -08:00
Leigh Brown
8228a18dd3 [TCP]: Fix oops caused by tcp_v4_md5_do_del
md5sig_info.alloced4 must be set to zero when freeing keys4, otherwise
it will not be alloc'd again when another key is added to the same
socket by tcp_v4_md5_do_add.

Signed-off-by: Leigh Brown <leigh@solinno.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:25 -08:00
David S. Miller
9b54d5c610 [NETFILTER] IPV6: Fix dependencies.
Although the menu dependencies in net/ipv6/netfilter/Kconfig
guard the entries in that file from the Kconfig GUI, this does
not prevent them from being selected still via "make oldconfig"
when IPV6 etc. is disabled.

So add explicit dependencies.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:18 -08:00
Ralf Baechle
a3d384029a [AX.25]: Fix unchecked rose_add_loopback_neigh uses
rose_add_loopback_neigh uses kmalloc and the callers were ignoring the
error value.  Rewrite to let the caller deal with the allocation.  This
allows the use of static allocation of kmalloc use entirely.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:14 -08:00
Ralf Baechle
a159aaa328 [AX.25]: Fix unchecked rose_add_loopback_node uses
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:13 -08:00
Ralf Baechle
a4282717c1 [AX.25]: Fix unchecked ax25_linkfail_register uses
ax25_linkfail_register uses kmalloc and the callers were ignoring the
error value.  Rewrite to let the caller deal with the allocation.  This
allows the use of static allocation of kmalloc use entirely.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:11 -08:00
Ralf Baechle
58bc574715 [AX.25]: Fix unchecked nr_add_node uses.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:10 -08:00
Ralf Baechle
81dcd16906 [AX.25]: Fix unchecked ax25_listen_register uses
Fix ax25_listen_register to return something that's a sane error code,
then all callers to use it.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:09 -08:00
Ralf Baechle
8d5cf596d1 [AX.25]: Fix unchecked ax25_protocol_register uses.
Replace ax25_protocol_register by ax25_register_pid which assumes the
caller has done the memory allocation.  This allows replacing the
kmalloc allocations entirely by static allocations.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:08 -08:00
Ralf Baechle
c9266b99e2 [AX.25]: Mark all kmalloc users __must_check
The recent fix 0506d4068b made obvious that
error values were not being propagated through the AX.25 stack.  To help
with that this patch marks all kmalloc users in the AX.25, NETROM and
ROSE stacks as __must_check.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-17 21:59:07 -08:00
Patrick McHardy
2bf540b73e [NETFILTER]: bridge-netfilter: remove deferred hooks
Remove the deferred hooks and all related code as scheduled in
feature-removal-schedule.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:54:25 -08:00
Kim Nordlund
8bce65b95a [IPV6]: Make fib6_node subtree depend on IPV6_SUBTREES
Make fib6_node 'subtree' depend on IPV6_SUBTREES.

Signed-off-by: Kim Nordlund <kim.nordlund@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:31 -08:00