linux/net/dccp, branch v3.7.1

dccp: fix info leak via getsockopt(DCCP_SOCKOPT_CCID_TX_INFO)

2012-08-16T04:36:31Z

The CCID3 code fails to initialize the trailing padding bytes of struct tfrc_tx_info added for alignment on 64 bit architectures. It that for potentially leaks four bytes kernel stack via the getsockopt() syscall. Add an explicit memset(0) before filling the structure to avoid the info leak. Signed-off-by: Mathias Krause Cc: Gerrit Renker Signed-off-by: David S. Miller

dccp: check ccid before dereferencing

2012-08-16T04:36:31Z

ccid_hc_rx_getsockopt() and ccid_hc_tx_getsockopt() might be called with a NULL ccid pointer leading to a NULL pointer dereference. This could lead to a privilege escalation if the attacker is able to map page 0 and prepare it with a fake ccid_ops pointer. Signed-off-by: Mathias Krause Cc: Gerrit Renker Cc: stable@vger.kernel.org Signed-off-by: David S. Miller

ipv4: Prepare for change of rt->rt_iif encoding.

2012-07-23T23:36:26Z

Use inet_iif() consistently, and for TCP record the input interface of cached RX dst in inet sock. rt->rt_iif is going to be encoded differently, so that we can legitimately cache input routes in the FIB info more aggressively. When the input interface is "use SKB device index" the rt->rt_iif will be set to zero. This forces us to move the TCP RX dst cache installation into the ipv4 specific code, and as well it should since doing the route caching for ipv6 is pointless at the moment since it is not inspected in the ipv6 input paths yet. Also, remove the unlikely on dst->obsolete, all ipv4 dsts have obsolete set to a non-zero value to force invocation of the check callback. Signed-off-by: David S. Miller

ipv4: Kill FLOWI_FLAG_RT_NOCACHE and associated code.

2012-07-20T20:36:54Z

Signed-off-by: David S. Miller

net: Pass optional SKB and SK arguments to dst_ops->{update_pmtu,redirect}()

2012-07-17T10:29:28Z

This will be used so that we can compose a full flow key. Even though we have a route in this context, we need more. In the future the routes will be without destination address, source address, etc. keying. One ipv4 route will cover entire subnets, etc. In this environment we have to have a way to possess persistent storage for redirects and PMTU information. This persistent storage will exist in the FIB tables, and that's why we'll need to be able to rebuild a full lookup flow key here. Using that flow key will do a fib_lookup() and create/update the persistent entry. Signed-off-by: David S. Miller

ipv6: Add helper inet6_csk_update_pmtu().

2012-07-16T10:44:56Z

This is the ipv6 version of inet_csk_update_pmtu(). Signed-off-by: David S. Miller

ipv4: Add helper inet_csk_update_pmtu().

2012-07-16T10:28:06Z

This abstracts away the call to dst_ops->update_pmtu() so that we can transparently handle the fact that, in the future, the dst itself can be invalidated by the PMTU update (when we have non-host routes cached in sockets). So we try to rebuild the socket cached route after the method invocation if necessary. This isn't used by SCTP because it needs to cache dsts per-transport, and thus will need it's own local version of this helper. Signed-off-by: David S. Miller

net: Remove checks for dst_ops->redirect being NULL.

2012-07-12T07:41:25Z

No longer necessary. Signed-off-by: David S. Miller

ipv6: Add redirect support to all protocol icmp error handlers.

2012-07-12T07:25:15Z

Signed-off-by: David S. Miller

ipv4: Add redirect support to all protocol icmp error handlers.

2012-07-12T04:27:49Z

Signed-off-by: David S. Miller