Patch "ipip: fix a regression in ioctl" has been added to the 3.10-stable tree

This is a note to let you know that I've just added the patch titled

    ipip: fix a regression in ioctl

to the 3.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ipip-fix-a-regression-in-ioctl.patch
and it can be found in the queue-3.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 675b9402488074d7081811cb67055fb1e1f515b3 Mon Sep 17 00:00:00 2001
From: Cong Wang <amwang@xxxxxxxxxx>
Date: Tue, 2 Jul 2013 14:49:34 +0800
Subject: ipip: fix a regression in ioctl

From: Cong Wang <amwang@xxxxxxxxxx>

[ Upstream commit 3b7b514f44bff05d26a6499c4d4fac2a83938e6e ]

This is a regression introduced by
commit fd58156e456d9f68fe0448 (IPIP: Use ip-tunneling code.)

Similar to GRE tunnel, previously we only check the parameters
for SIOCADDTUNNEL and SIOCCHGTUNNEL, after that commit, the
check is moved for all commands.

So, just check for SIOCADDTUNNEL and SIOCCHGTUNNEL.

Also, the check for i_key, o_key etc. is suspicious too,
which did not exist before, reset them before passing
to ip_tunnel_ioctl().

Signed-off-by: Cong Wang <amwang@xxxxxxxxxx>
Cc: Pravin B Shelar <pshelar@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/ipv4/ipip.c |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -240,11 +240,13 @@ ipip_tunnel_ioctl(struct net_device *dev
 	if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
 		return -EFAULT;
 
-	if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
-			p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
-		return -EINVAL;
-	if (p.i_key || p.o_key || p.i_flags || p.o_flags)
-		return -EINVAL;
+	if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
+		if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
+		    p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
+			return -EINVAL;
+	}
+
+	p.i_key = p.o_key = p.i_flags = p.o_flags = 0;
 	if (p.iph.ttl)
 		p.iph.frag_off |= htons(IP_DF);
 
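Review bot: The unconditional `p.i_key = p.o_key = p.i_flags = p.o_flags = 0;` near the end of the hunk silently discards whatever the caller passed in those fields for every command, where the removed lines rejected non-zero values with -EINVAL. A short comment above the assignment, saying that these fields are ignored here and cleared before the parameters go on to ip_tunnel_ioctl(), would record that this is deliberate. Also, with the header check now limited to SIOCADDTUNNEL and SIOCCHGTUNNEL, the trailing `if (p.iph.ttl) p.iph.frag_off |= htons(IP_DF);` still runs on an unvalidated p.iph for the other commands. If that adjustment only matters for add and change, moving it inside the new `cmd ==` block would keep all handling of user-supplied header fields behind the same check.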


Patches currently in stable-queue which might be from amwang@xxxxxxxxxx are

queue-3.10/ipv6-mcast-always-hold-idev-lock-before-mca_lock.patch
queue-3.10/ipip-fix-a-regression-in-ioctl.patch
queue-3.10/vti-remove-duplicated-code-to-fix-a-memory-leak.patch
queue-3.10/gre-fix-mtu-sizing-check-for-gretap-tunnels.patch
queue-3.10/gre-fix-a-regression-in-ioctl.patch