[NET]: skb_trim audit
authorHerbert Xu <herbert@gondor.apana.org.au>
Fri, 9 Jun 2006 23:13:01 +0000 (16:13 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Sun, 18 Jun 2006 04:30:20 +0000 (21:30 -0700)
I found a few more spots where pskb_trim_rcsum could be used but were not.
This patch changes them to use it.

Also, sk_filter can get paged skb data.  Therefore we must use pskb_trim
instead of skb_trim.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/sock.h
net/bridge/br_netfilter.c
net/ipv6/netfilter/nf_conntrack_reasm.c

index 75b0e97ed93db8328d5cf1aee4b7e416261011ae..96565ff0de6aa46e08eb932a8a97b4c5da9f3451 100644 (file)
@@ -873,10 +873,7 @@ static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
                if (filter) {
                        unsigned int pkt_len = sk_run_filter(skb, filter->insns,
                                                             filter->len);
                if (filter) {
                        unsigned int pkt_len = sk_run_filter(skb, filter->insns,
                                                             filter->len);
-                       if (!pkt_len)
-                               err = -EPERM;
-                       else
-                               skb_trim(skb, pkt_len);
+                       err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM;
                }
 
                if (needlock)
                }
 
                if (needlock)
index 3da9264449f79d6d517fce1391af3f663bdde3a8..3e41f9d6d51c7f27d167cee06ddff99556c8dca8 100644 (file)
@@ -407,12 +407,8 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
        if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) {
                if (pkt_len + sizeof(struct ipv6hdr) > skb->len)
                        goto inhdr_error;
        if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) {
                if (pkt_len + sizeof(struct ipv6hdr) > skb->len)
                        goto inhdr_error;
-               if (pkt_len + sizeof(struct ipv6hdr) < skb->len) {
-                       if (__pskb_trim(skb, pkt_len + sizeof(struct ipv6hdr)))
-                               goto inhdr_error;
-                       if (skb->ip_summed == CHECKSUM_HW)
-                               skb->ip_summed = CHECKSUM_NONE;
-               }
+               if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
+                       goto inhdr_error;
        }
        if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb))
                goto inhdr_error;
        }
        if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb))
                goto inhdr_error;
@@ -495,11 +491,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
        if (skb->len < len || len < 4 * iph->ihl)
                goto inhdr_error;
 
        if (skb->len < len || len < 4 * iph->ihl)
                goto inhdr_error;
 
-       if (skb->len > len) {
-               __pskb_trim(skb, len);
-               if (skb->ip_summed == CHECKSUM_HW)
-                       skb->ip_summed = CHECKSUM_NONE;
-       }
+       pskb_trim_rcsum(skb, len);
 
        nf_bridge_put(skb->nf_bridge);
        if (!nf_bridge_alloc(skb))
 
        nf_bridge_put(skb->nf_bridge);
        if (!nf_bridge_alloc(skb))
index 3e319035f82df0d6a429ad47ec88e83991038fa8..c32a029e43f0530a3c5e58c764ea3eef16247646 100644 (file)
@@ -456,13 +456,9 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
                DEBUGP("queue: message is too short.\n");
                goto err;
        }
                DEBUGP("queue: message is too short.\n");
                goto err;
        }
-       if (end-offset < skb->len) {
-               if (pskb_trim(skb, end - offset)) {
-                       DEBUGP("Can't trim\n");
-                       goto err;
-               }
-               if (skb->ip_summed != CHECKSUM_UNNECESSARY)
-                       skb->ip_summed = CHECKSUM_NONE;
+       if (pskb_trim_rcsum(skb, end - offset)) {
+               DEBUGP("Can't trim\n");
+               goto err;
        }
 
        /* Find out which fragments are in front and at the back of us
        }
 
        /* Find out which fragments are in front and at the back of us