mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-11-01 17:08:10 +00:00
30c7be26fd
In commits93821778de("udp: Fix rcv socket locking") andf7ad74fef3("net/ipv6/udp: UDP encapsulation: break backlog_rcv into __udpv6_queue_rcv_skb") UDP backlog handlers were renamed, but UDPlite was forgotten. This leads to crashes if UDPlite header is pulled twice, which happens starting from commite6afc8ace6("udp: remove headers from UDP packets before queueing") Bug found by syzkaller team, thanks a lot guys ! Note that backlog use in UDP/UDPlite is scheduled to be removed starting from linux-4.10, so this patch is only needed up to linux-4.9 Fixes:93821778de("udp: Fix rcv socket locking") Fixes:f7ad74fef3("net/ipv6/udp: UDP encapsulation: break backlog_rcv into __udpv6_queue_rcv_skb") Fixes:e6afc8ace6("udp: remove headers from UDP packets before queueing") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Andrey Konovalov <andreyknvl@google.com> Cc: Benjamin LaHaise <bcrl@kvack.org> Cc: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
35 lines
1.3 KiB
C
35 lines
1.3 KiB
C
#ifndef _UDP6_IMPL_H
|
|
#define _UDP6_IMPL_H
|
|
#include <net/udp.h>
|
|
#include <net/udplite.h>
|
|
#include <net/protocol.h>
|
|
#include <net/addrconf.h>
|
|
#include <net/inet_common.h>
|
|
#include <net/transp_v6.h>
|
|
|
|
int __udp6_lib_rcv(struct sk_buff *, struct udp_table *, int);
|
|
void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *, u8, u8, int,
|
|
__be32, struct udp_table *);
|
|
|
|
int udp_v6_get_port(struct sock *sk, unsigned short snum);
|
|
|
|
int udpv6_getsockopt(struct sock *sk, int level, int optname,
|
|
char __user *optval, int __user *optlen);
|
|
int udpv6_setsockopt(struct sock *sk, int level, int optname,
|
|
char __user *optval, unsigned int optlen);
|
|
#ifdef CONFIG_COMPAT
|
|
int compat_udpv6_setsockopt(struct sock *sk, int level, int optname,
|
|
char __user *optval, unsigned int optlen);
|
|
int compat_udpv6_getsockopt(struct sock *sk, int level, int optname,
|
|
char __user *optval, int __user *optlen);
|
|
#endif
|
|
int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len);
|
|
int udpv6_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int noblock,
|
|
int flags, int *addr_len);
|
|
int __udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb);
|
|
void udpv6_destroy_sock(struct sock *sk);
|
|
|
|
#ifdef CONFIG_PROC_FS
|
|
int udp6_seq_show(struct seq_file *seq, void *v);
|
|
#endif
|
|
#endif /* _UDP6_IMPL_H */
|