[PATCH 12/13 net-next-2.6] [TIPC]: Fix bugs in rejection of message with short header

[PATCH 00/13 net-next-2.6] [TIPC]: More minor fixes and enhancements · Allan Stephens <hidden> · 2008-05-30
[PATCH 04/13 net-next-2.6] [TIPC]: Fix minor bugs in link session number handling · Allan Stephens <hidden> · 2008-05-30
[PATCH 01/13 net-next-2.6] [TIPC]: Fix bug in connection setup via native API · Allan Stephens <hidden> · 2008-05-30
[PATCH 03/13 net-next-2.6] [TIPC]: Fix bugs in message error code display when debugging · Allan Stephens <hidden> · 2008-05-30
[PATCH 02/13 net-next-2.6] [TIPC]: Standardize error checking on incoming messages via native API · Allan Stephens <hidden> · 2008-05-30
[PATCH 05/13 net-next-2.6] [TIPC]: Minor optimizations to received message processing · Allan Stephens <hidden> · 2008-05-30
[PATCH 06/13 net-next-2.6] [TIPC]: Prevent access of non-existent field in short message header · Allan Stephens <hidden> · 2008-05-30
[PATCH 07/13 net-next-2.6] [TIPC]: Optimize message initialization routine · Allan Stephens <hidden> · 2008-05-30
[PATCH 08/13 net-next-2.6] [TIPC]: Prevent display of name table types with no publications · Allan Stephens <hidden> · 2008-05-30
[PATCH 09/13 net-next-2.6] [TIPC]: Add missing spinlock in name table display code · Allan Stephens <hidden> · 2008-05-30
[PATCH 10/13 net-next-2.6] [TIPC]: Expand link sequence gap field to 13 bits · Allan Stephens <hidden> · 2008-05-30
[PATCH 11/13 net-next-2.6] [TIPC]: Message header creation optimizations · Allan Stephens <hidden> · 2008-05-30
[PATCH 12/13 net-next-2.6] [TIPC]: Fix bugs in rejection of message with short header · Allan Stephens <hidden> · 2008-05-30
[PATCH 13/13 net-next-2.6] [TIPC]: Message rejection rework preparatory changes · Allan Stephens <hidden> · 2008-05-30
Re: [PATCH 00/13 net-next-2.6] [TIPC]: More minor fixes and enhancements · David Miller <davem@davemloft.net> · 2008-06-05

STALE6577d

From: Allan Stephens <hidden>
Date: 2008-05-30 18:23:14
Subsystem: networking [general], the rest, tipc network layer · Maintainers: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds, Jon Maloy

This patch ensures that TIPC doesn't try to access non-existent
message header fields when rejecting a message with a short header.

Signed-off-by: Allan Stephens <redacted>
---
 net/tipc/port.c |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/tipc/port.c b/net/tipc/port.c
index 93014f9..2e0cff4 100644
--- a/net/tipc/port.c
+++ b/net/tipc/port.c

@@ -448,13 +448,15 @@ int tipc_reject_msg(struct sk_buff *buf, u32 err)
 	msg_set_errcode(rmsg, err);
 	msg_set_destport(rmsg, msg_origport(msg));
 	msg_set_origport(rmsg, msg_destport(msg));
-	if (msg_short(msg))
+	if (msg_short(msg)) {
 		msg_set_orignode(rmsg, tipc_own_addr);
-	else
+		/* leave name type & instance as zeroes */
+	} else {
 		msg_set_orignode(rmsg, msg_destnode(msg));
+		msg_set_nametype(rmsg, msg_nametype(msg));
+		msg_set_nameinst(rmsg, msg_nameinst(msg));
+	}
 	msg_set_size(rmsg, data_sz + hdr_sz);
-	msg_set_nametype(rmsg, msg_nametype(msg));
-	msg_set_nameinst(rmsg, msg_nameinst(msg));
 	skb_copy_to_linear_data_offset(rbuf, hdr_sz, msg_data(msg), data_sz);
 
 	/* send self-abort message when rejecting on a connected port */

-- 
1.5.3.2

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help