[lucid/fsl-imx51 CVE 02/12] tcp: use limited socket backlog CVE-2010-4251
Andy Whitcroft
apw at canonical.com
Fri Jul 22 17:42:31 UTC 2011
From: Zhu Yi <yi.zhu at intel.com>
BugLink: http://bugs.launchpad.net/bugs/807462
Make tcp adapt to the limited socket backlog change.
Cc: "David S. Miller" <davem at davemloft.net>
Cc: Alexey Kuznetsov <kuznet at ms2.inr.ac.ru>
Cc: "Pekka Savola (ipv6)" <pekkas at netcore.fi>
Cc: Patrick McHardy <kaber at trash.net>
Signed-off-by: Zhu Yi <yi.zhu at intel.com>
Acked-by: Eric Dumazet <eric.dumazet at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit 6b03a53a5ab7ccf2d5d69f96cf1c739c4d2a8fb9)
Signed-off-by: Paolo Pisati <paolo.pisati at canonical.com>
Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
net/ipv4/tcp_ipv4.c | 6 ++++--
net/ipv6/tcp_ipv6.c | 6 ++++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 6d88219..92db108 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1596,8 +1596,10 @@ process:
if (!tcp_prequeue(sk, skb))
ret = tcp_v4_do_rcv(sk, skb);
}
- } else
- sk_add_backlog(sk, skb);
+ } else if (sk_add_backlog_limited(sk, skb)) {
+ bh_unlock_sock(sk);
+ goto discard_and_relse;
+ }
bh_unlock_sock(sk);
sock_put(sk);
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index d849dd5..f73e6b9 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1684,8 +1684,10 @@ process:
if (!tcp_prequeue(sk, skb))
ret = tcp_v6_do_rcv(sk, skb);
}
- } else
- sk_add_backlog(sk, skb);
+ } else if (sk_add_backlog_limited(sk, skb)) {
+ bh_unlock_sock(sk);
+ goto discard_and_relse;
+ }
bh_unlock_sock(sk);
sock_put(sk);
--
1.7.4.1
More information about the kernel-team
mailing list