| From stable-bounces@linux.kernel.org Tue Apr 18 19:12:27 2006 |
| Date: Wed, 19 Apr 2006 11:14:23 +0900 (JST) |
| Message-Id: <20060419.111423.48104035.yoshfuji@linux-ipv6.org> |
| To: stable@kernel.org |
| From: YOSHIFUJI Hideaki / =?iso-2022-jp?B?GyRCNUhGIzFRTEAbKEI=?= |
| <yoshfuji@linux-ipv6.org> |
| Cc: netdev-core@vger.kernel.org, yoshfuji@linux-ipv6.org, |
| kazunori@miyazawa.org, takamiya@po.ntts.co.jp |
| Subject: IPV6: XFRM: Fix decoding session with preceding extension header(s). |
| |
| [IPV6] XFRM: Fix decoding session with preceding extension header(s). |
| |
| We did not correctly decode session with preceding extension |
| header(s). This was because we had already pulled preceding |
| headers, skb->nh.raw + 40 + 1 - skb->data was minus, and |
| pskb_may_pull() failed. |
| |
| We now have IP6CB(skb)->nhoff and skb->h.raw, and we can |
| start parsing / decoding upper layer protocol from current |
| position. |
| |
| Tracked down by Noriaki TAKAMIYA <takamiya@po.ntts.co.jp> |
| and tested by Kazunori Miyazawa <kazunori@miyazawa.org>. |
| |
| Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/ipv6/xfrm6_policy.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.16.9.orig/net/ipv6/xfrm6_policy.c |
| +++ linux-2.6.16.9/net/ipv6/xfrm6_policy.c |
| @@ -191,10 +191,10 @@ error: |
| static inline void |
| _decode_session6(struct sk_buff *skb, struct flowi *fl) |
| { |
| - u16 offset = sizeof(struct ipv6hdr); |
| + u16 offset = skb->h.raw - skb->nh.raw; |
| struct ipv6hdr *hdr = skb->nh.ipv6h; |
| struct ipv6_opt_hdr *exthdr; |
| - u8 nexthdr = skb->nh.ipv6h->nexthdr; |
| + u8 nexthdr = skb->nh.raw[IP6CB(skb)->nhoff]; |
| |
| memset(fl, 0, sizeof(struct flowi)); |
| ipv6_addr_copy(&fl->fl6_dst, &hdr->daddr); |
