Rémi Denis-Courmont wrote:
> On Thursday 05 July 2007 20:25:50 ext James Chapman wrote:
>
>>Rémi Denis-Courmont wrote:
>>
>>>By the way, couldn't encap_type be removed altogether (using two slightly
>>>different callbacks for ESP) from udp_sock?
>>
>>The notion of encap_type is needed for the setsockopt call so it would
>>have to stay in the API. If it were removed from udp_sock, getsockopt
>>would have to derive the encap_type from encap_rcv funcptr values, which
>>would be messy. I think it might complicate the logic in ESP too.
>
>
> Right. By the way, shouldn't "len" rather be signed in there?
>
>       unsigned int len;
>
>       /* if we're overly short, let UDP handle it */
>       len = skb->len - sizeof(struct udphdr);
>       if (len <= 0)
>               goto udp;

It should, but the < 0 case can't happen since __udp4_lib_rcv already
makes sure that we have at least a complete UDP header. Anyways, this
patch fixes it.

Signed-off-by: Patrick McHardy <[EMAIL PROTECTED]>

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 4ec4a25..2835535 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -951,14 +951,10 @@ int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) * >0 if skb should be passed on to UDP. * <0 if skb should be resubmitted as proto -N */ - unsigned int len; /* if we're overly short, let UDP handle it */ - len = skb->len - sizeof(struct udphdr); - if (len <= 0) - goto udp; - - if (up->encap_rcv != NULL) { + if (skb->len > sizeof(struct udphdr) && + up->encap_rcv != NULL) { int ret; ret = (*up->encap_rcv)(sk, skb); @@ -971,7 +967,6 @@ int udp_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) /* FALLTHROUGH -- it's a UDP Packet */ } -udp: /* * UDP-Lite specific tests, ignored on UDP sockets */
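
Review bot: the changelog ("this patch fixes it") does not record that the first hunk of udp_queue_rcv_skb changes which packets reach the encap_rcv callback, and it should say so. With the removed `unsigned int len`, a skb->len smaller than sizeof(struct udphdr) wraps to a large positive value, so `len <= 0` only ever matched the exactly-equal case and a short skb would have been handed to encap_rcv. The new test `skb->len > sizeof(struct udphdr)` routes both the equal and the shorter case to plain UDP processing. The message argues the short case is unreachable because __udp4_lib_rcv guarantees a complete UDP header; a sentence to that effect in the changelog, or next to the retained "if we're overly short, let UDP handle it" comment, would keep the assumption visible to anyone who later adds another caller. The second hunk's removal of the `udp:` label is consistent with dropping the only `goto udp` shown here.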