ip: ip_options_compile() resilient to NULL skb route
[linux-2.6.git] / net / ipv4 / ip_options.c
index 7e1074f..2391b24 100644 (file)
@@ -11,6 +11,7 @@
 
 #include <linux/capability.h>
 #include <linux/module.h>
+#include <linux/slab.h>
 #include <linux/types.h>
 #include <asm/uaccess.h>
 #include <linux/skbuff.h>
@@ -139,11 +140,11 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
                                } else {
                                        dopt->ts_needtime = 0;
 
-                                       if (soffset + 8 <= optlen) {
+                                       if (soffset + 7 <= optlen) {
                                                __be32 addr;
 
-                                               memcpy(&addr, sptr+soffset-1, 4);
-                                               if (inet_addr_type(dev_net(skb->dst->dev), addr) != RTN_LOCAL) {
+                                               memcpy(&addr, dptr+soffset-1, 4);
+                                               if (inet_addr_type(dev_net(skb_dst(skb)->dev), addr) != RTN_UNICAST) {
                                                        dopt->ts_needtime = 1;
                                                        soffset += 8;
                                                }
@@ -237,7 +238,6 @@ void ip_options_fragment(struct sk_buff * skb)
        opt->rr_needaddr = 0;
        opt->ts_needaddr = 0;
        opt->ts_needtime = 0;
-       return;
 }
 
 /*
@@ -329,7 +329,7 @@ int ip_options_compile(struct net *net,
                                        pp_ptr = optptr + 2;
                                        goto error;
                                }
-                               if (skb) {
+                               if (rt) {
                                        memcpy(&optptr[optptr[2]-1], &rt->rt_spec_dst, 4);
                                        opt->is_changed = 1;
                                }
@@ -371,7 +371,7 @@ int ip_options_compile(struct net *net,
                                                goto error;
                                        }
                                        opt->ts = optptr - iph;
-                                       if (skb) {
+                                       if (rt)  {
                                                memcpy(&optptr[optptr[2]-1], &rt->rt_spec_dst, 4);
                                                timeptr = (__be32*)&optptr[optptr[2]+3];
                                        }
@@ -466,7 +466,7 @@ error:
        }
        return -EINVAL;
 }
-
+EXPORT_SYMBOL(ip_options_compile);
 
 /*
  *     Undo all the changes done by ip_options_compile().
@@ -600,9 +600,10 @@ int ip_options_rcv_srr(struct sk_buff *skb)
        unsigned char *optptr = skb_network_header(skb) + opt->srr;
        struct rtable *rt = skb_rtable(skb);
        struct rtable *rt2;
+       unsigned long orefdst;
        int err;
 
-       if (!opt->srr)
+       if (!opt->srr || !rt)
                return 0;
 
        if (skb->pkt_type != PACKET_HOST)
@@ -623,16 +624,16 @@ int ip_options_rcv_srr(struct sk_buff *skb)
                }
                memcpy(&nexthop, &optptr[srrptr-1], 4);
 
-               rt = skb_rtable(skb);
-               skb->dst = NULL;
+               orefdst = skb->_skb_refdst;
+               skb_dst_set(skb, NULL);
                err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev);
                rt2 = skb_rtable(skb);
                if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) {
-                       ip_rt_put(rt2);
-                       skb->dst = &rt->u.dst;
+                       skb_dst_drop(skb);
+                       skb->_skb_refdst = orefdst;
                        return -EINVAL;
                }
-               ip_rt_put(rt);
+               refdst_drop(orefdst);
                if (rt2->rt_type != RTN_LOCAL)
                        break;
                /* Superfast 8) loopback forward */
@@ -645,3 +646,4 @@ int ip_options_rcv_srr(struct sk_buff *skb)
        }
        return 0;
 }
+EXPORT_SYMBOL(ip_options_rcv_srr);