netdev.vger.kernel.org archive mirror
* [PATCH net,stable 1/2] l2tp: Fix PPP header erasure and memory leak
       [not found] <cover.1371044671.git.g.nault@alphalink.fr>
@ 2013-06-12 14:07 ` Guillaume Nault
  2013-06-12 14:41   ` Eric Dumazet
  2013-06-13  9:39   ` David Miller
  2013-06-12 14:07 ` [PATCH net,stable 2/2] l2tp: Fix sendmsg() return value Guillaume Nault
  1 sibling, 2 replies; 6+ messages in thread
From: Guillaume Nault @ 2013-06-12 14:07 UTC (permalink / raw)
  To: netdev; +Cc: James Chapman, David Miller

Copy user data after PPP framing header. This prevents erasure of the
added PPP header and avoids leaking two bytes of uninitialised memory
at the end of skb's data buffer.

Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
---
 net/l2tp/l2tp_ppp.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 637a341..681c626 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -346,12 +346,12 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh
 	skb_put(skb, 2);
 
 	/* Copy user data into skb */
-	error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
+	error = memcpy_fromiovec(skb_put(skb, total_len), m->msg_iov,
+				 total_len);
 	if (error < 0) {
 		kfree_skb(skb);
 		goto error_put_sess_tun;
 	}
-	skb_put(skb, total_len);
 
 	l2tp_xmit_skb(session, skb, session->hdr_len);
 
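Review bot: the comment `/* Copy user data into skb */` kept above the changed call no longer says enough, because the copy is only correct when it lands after the two bytes reserved by the `skb_put(skb, 2)` context line at the top of the hunk. Suggest rewording it to say that the payload is copied after the PPP header, so that a later cleanup does not go back to `skb->data` as the destination.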
-- 
1.7.10.4


* [PATCH net,stable 2/2] l2tp: Fix sendmsg() return value
       [not found] <cover.1371044671.git.g.nault@alphalink.fr>
  2013-06-12 14:07 ` [PATCH net,stable 1/2] l2tp: Fix PPP header erasure and memory leak Guillaume Nault
@ 2013-06-12 14:07 ` Guillaume Nault
  2013-06-13  9:39   ` David Miller
  1 sibling, 1 reply; 6+ messages in thread
From: Guillaume Nault @ 2013-06-12 14:07 UTC (permalink / raw)
  To: netdev; +Cc: James Chapman, David Miller

PPPoL2TP sockets should comply with the standard send*() return values
(i.e. return number of bytes sent instead of 0 upon success).

Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
---
 net/l2tp/l2tp_ppp.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 681c626..8dec687 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -358,7 +358,7 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh
 	sock_put(ps->tunnel_sock);
 	sock_put(sk);
 
-	return error;
+	return total_len;
 
 error_put_sess_tun:
 	sock_put(ps->tunnel_sock);
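Review bot: `return total_len;` on the success path reports the full length regardless of what happened in transmit; the 1/2 hunk shows `l2tp_xmit_skb(session, skb, session->hdr_len);` called with its result unused, so nothing here can tell a dropped frame from a sent one. Either state in the commit message that the return value means bytes accepted rather than bytes transmitted, or check the transmit result before returning. The function is declared `static int`, so it is also worth confirming that total_len (declared outside this hunk) cannot exceed INT_MAX.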
-- 
1.7.10.4


* Re: [PATCH net,stable 1/2] l2tp: Fix PPP header erasure and memory leak
  2013-06-12 14:07 ` [PATCH net,stable 1/2] l2tp: Fix PPP header erasure and memory leak Guillaume Nault
@ 2013-06-12 14:41   ` Eric Dumazet
  2013-06-12 14:50     ` Eric Dumazet
  2013-06-13  9:39   ` David Miller
  1 sibling, 1 reply; 6+ messages in thread
From: Eric Dumazet @ 2013-06-12 14:41 UTC (permalink / raw)
  To: Guillaume Nault; +Cc: netdev, James Chapman, David Miller

On Wed, 2013-06-12 at 16:07 +0200, Guillaume Nault wrote:
> Copy user data after PPP framing header. This prevents erasure of the
> added PPP header and avoids leaking two bytes of uninitialised memory
> at the end of skb's data buffer.
> 
> Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
> ---
>  net/l2tp/l2tp_ppp.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
> index 637a341..681c626 100644
> --- a/net/l2tp/l2tp_ppp.c
> +++ b/net/l2tp/l2tp_ppp.c
> @@ -346,12 +346,12 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh
>  	skb_put(skb, 2);
>  
>  	/* Copy user data into skb */
> -	error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
> +	error = memcpy_fromiovec(skb_put(skb, total_len), m->msg_iov,
> +				 total_len);
>  	if (error < 0) {
>  		kfree_skb(skb);
>  		goto error_put_sess_tun;
>  	}
> -	skb_put(skb, total_len);
>  
>  	l2tp_xmit_skb(session, skb, session->hdr_len);
>  
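Review bot: in the added `memcpy_fromiovec(skb_put(skb, total_len), ...)` call the skb is extended by total_len before the payload has been copied, so on the `error < 0` branch the skb covers bytes that may not have been fully written. That is safe as posted because the branch goes straight to `kfree_skb(skb)`; a short comment on that branch saying the skb must not be used after a failed copy would keep it that way.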

I see no real change in your patch.

skb_put(skb, X) returns skb->data before the put operation.

Could you elaborate ?


* Re: [PATCH net,stable 1/2] l2tp: Fix PPP header erasure and memory leak
  2013-06-12 14:41   ` Eric Dumazet
@ 2013-06-12 14:50     ` Eric Dumazet
  0 siblings, 0 replies; 6+ messages in thread
From: Eric Dumazet @ 2013-06-12 14:50 UTC (permalink / raw)
  To: Guillaume Nault; +Cc: netdev, James Chapman, David Miller

On Wed, 2013-06-12 at 07:41 -0700, Eric Dumazet wrote:
> On Wed, 2013-06-12 at 16:07 +0200, Guillaume Nault wrote:
> > Copy user data after PPP framing header. This prevents erasure of the
> > added PPP header and avoids leaking two bytes of uninitialised memory
> > at the end of skb's data buffer.
> > 
> > Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
> > ---
> >  net/l2tp/l2tp_ppp.c |    4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> > 
> > diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
> > index 637a341..681c626 100644
> > --- a/net/l2tp/l2tp_ppp.c
> > +++ b/net/l2tp/l2tp_ppp.c
> > @@ -346,12 +346,12 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh
> >  	skb_put(skb, 2);
> >  
> >  	/* Copy user data into skb */
> > -	error = memcpy_fromiovec(skb->data, m->msg_iov, total_len);
> > +	error = memcpy_fromiovec(skb_put(skb, total_len), m->msg_iov,
> > +				 total_len);
> >  	if (error < 0) {
> >  		kfree_skb(skb);
> >  		goto error_put_sess_tun;
> >  	}
> > -	skb_put(skb, total_len);
> >  
> >  	l2tp_xmit_skb(session, skb, session->hdr_len);
> >  
> 
> I see no real change in your patch.
> 
> skb_put(skb, X) returns skb->data before the put operation.
> 
> Could you elaborate ?

Oh well, I missed the prior skb_put(skb, 2), never mind


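The ordering this sub-thread turns on, as an added userspace model that is not part of the thread or of the kernel source. toy_skb, toy_put, build and stale_bytes are hypothetical names, and 0xAA is a constructed marker standing in for uninitialised memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed userspace stand-in for an skb's linear data area. */
struct toy_skb {
    uint8_t buf[64];
    size_t  len;                      /* bytes between data and tail */
};

/* Same contract as skb_put(): extend the data area, return the OLD tail. */
static uint8_t *toy_put(struct toy_skb *skb, size_t n)
{
    uint8_t *old_tail = skb->buf + skb->len;
    skb->len += n;                    /* no tailroom check: keep 2 + n <= 64 */
    return old_tail;
}

/* Build a frame in the pre-patch (patched == 0) or patched order. */
static void build(struct toy_skb *skb, const void *p, size_t n, int patched)
{
    memset(skb->buf, 0xAA, sizeof(skb->buf));  /* 0xAA marks "uninitialised" */
    skb->len = 0;
    memcpy(toy_put(skb, 2), "\xff\x03", 2);    /* 2-byte PPP header */
    if (patched) {
        memcpy(toy_put(skb, n), p, n);         /* extend, copy at old tail */
    } else {
        memcpy(skb->buf, p, n);                /* copy at start of data... */
        toy_put(skb, n);                       /* ...then extend the tail */
    }
}

/* Bytes inside [data, tail) that still hold the 0xAA marker. */
static size_t stale_bytes(const struct toy_skb *skb)
{
    size_t i, stale = 0;
    for (i = 0; i < skb->len; i++)
        stale += (skb->buf[i] == 0xAA);
    return stale;
}

int main(void)
{
    struct toy_skb a, b;
    build(&a, "hello", 5, 0);
    build(&b, "hello", 5, 1);
    printf("before: byte0=%02x stale=%zu\n", a.buf[0], stale_bytes(&a));
    printf("after:  byte0=%02x stale=%zu\n", b.buf[0], stale_bytes(&b));
    return 0;
}
```

In the pre-patch order the payload overwrites the header and the last two bytes of the frame are never written; in the patched order the header survives and no stale bytes remain.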
* Re: [PATCH net,stable 1/2] l2tp: Fix PPP header erasure and memory leak
  2013-06-12 14:07 ` [PATCH net,stable 1/2] l2tp: Fix PPP header erasure and memory leak Guillaume Nault
  2013-06-12 14:41   ` Eric Dumazet
@ 2013-06-13  9:39   ` David Miller
  1 sibling, 0 replies; 6+ messages in thread
From: David Miller @ 2013-06-13  9:39 UTC (permalink / raw)
  To: g.nault; +Cc: netdev, jchapman

From: Guillaume Nault <g.nault@alphalink.fr>
Date: Wed, 12 Jun 2013 16:07:23 +0200

> Copy user data after PPP framing header. This prevents erasure of the
> added PPP header and avoids leaking two bytes of uninitialised memory
> at the end of skb's data buffer.
> 
> Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>

Applied.


* Re: [PATCH net,stable 2/2] l2tp: Fix sendmsg() return value
  2013-06-12 14:07 ` [PATCH net,stable 2/2] l2tp: Fix sendmsg() return value Guillaume Nault
@ 2013-06-13  9:39   ` David Miller
  0 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2013-06-13  9:39 UTC (permalink / raw)
  To: g.nault; +Cc: netdev, jchapman

From: Guillaume Nault <g.nault@alphalink.fr>
Date: Wed, 12 Jun 2013 16:07:36 +0200

> PPPoL2TP sockets should comply with the standard send*() return values
> (i.e. return number of bytes sent instead of 0 upon success).
> 
> Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>

Applied.
