Skip to content

Commit

Permalink
tcp: Fix tcp_make_synack()
Browse files Browse the repository at this point in the history 
Commit 4957faa (TCPCT part 1g: Responder Cookie => Initiator), part
of TCP_COOKIE_TRANSACTION implementation, forgot to correctly size
synack skb in case user data must be included.

Many thanks to Mika Pentillä for spotting this error.

Reported-by: Penttillä Mika <mika.penttila@ixonos.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Eric Dumazet authored and David S. Miller committed Mar 8, 2010
1 parent 9837638 commit 28b2774
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions net/ipv4/tcp_output.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2395,13 +2395,17 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
struct tcp_extend_values *xvp = tcp_xv(rvp);
struct inet_request_sock *ireq = inet_rsk(req);
struct tcp_sock *tp = tcp_sk(sk);
const struct tcp_cookie_values *cvp = tp->cookie_values;
struct tcphdr *th;
struct sk_buff *skb;
struct tcp_md5sig_key *md5;
int tcp_header_size;
int mss;
int s_data_desired = 0;

skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC);
if (cvp != NULL && cvp->s_data_constant && cvp->s_data_desired)
s_data_desired = cvp->s_data_desired;
skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15 + s_data_desired, 1, GFP_ATOMIC);
if (skb == NULL)
return NULL;

Expand Down Expand Up @@ -2457,16 +2461,12 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst,
TCPCB_FLAG_SYN | TCPCB_FLAG_ACK);

if (OPTION_COOKIE_EXTENSION & opts.options) {
const struct tcp_cookie_values *cvp = tp->cookie_values;

if (cvp != NULL &&
cvp->s_data_constant &&
cvp->s_data_desired > 0) {
u8 *buf = skb_put(skb, cvp->s_data_desired);
if (s_data_desired) {
u8 *buf = skb_put(skb, s_data_desired);

/* copy data directly from the listening socket. */
memcpy(buf, cvp->s_data_payload, cvp->s_data_desired);
TCP_SKB_CB(skb)->end_seq += cvp->s_data_desired;
memcpy(buf, cvp->s_data_payload, s_data_desired);
TCP_SKB_CB(skb)->end_seq += s_data_desired;
}

if (opts.hash_size > 0) {
Expand Down

0 comments on commit 28b2774

Please sign in to comment.