tcp: Fix tcp_make_synack()

Commit 4957faad (TCPCT part 1g: Responder Cookie => Initiator), part of TCP_COOKIE_TRANSACTION implementation, forgot to correctly size synack skb in case user data must be included. Many thanks to Mika Pentillä for spotting this error. Reported-by: Penttillä Mika <mika.penttila@ixonos.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>

tcp: Fix tcp_make_synack()
Commit 4957faad (TCPCT part 1g: Responder Cookie => Initiator), part of TCP_COOKIE_TRANSACTION implementation, forgot to correctly size synack skb in case user data must be included. Many thanks to Mika Pentillä for spotting this error. Reported-by: Penttillä Mika <mika.penttila@ixonos.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet · David S. Miller
1 parent 9837638727
Showing 1 changed file with 9 additions and 9 deletions Side-by-side Diff
net/ipv4/tcp_output.c
@@ -2395,13 +2395,17 @@
 	struct tcp_extend_values *xvp = tcp_xv(rvp);
 	struct inet_request_sock *ireq = inet_rsk(req);
 	struct tcp_sock *tp = tcp_sk(sk);
+	const struct tcp_cookie_values *cvp = tp->cookie_values;
 	struct tcphdr *th;
 	struct sk_buff *skb;
 	struct tcp_md5sig_key *md5;
 	int tcp_header_size;
 	int mss;
+	int s_data_desired = 0;
  
-	skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC);
+	if (cvp != NULL && cvp->s_data_constant && cvp->s_data_desired)
+		s_data_desired = cvp->s_data_desired;
+	skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15 + s_data_desired, 1, GFP_ATOMIC);
 	if (skb == NULL)
 		return NULL;
  
  
  
@@ -2457,16 +2461,12 @@
 			     TCPCB_FLAG_SYN | TCPCB_FLAG_ACK);
  
 	if (OPTION_COOKIE_EXTENSION & opts.options) {
-		const struct tcp_cookie_values *cvp = tp->cookie_values;
+		if (s_data_desired) {
+			u8 *buf = skb_put(skb, s_data_desired);
  
-		if (cvp != NULL &&
-		    cvp->s_data_constant &&
-		    cvp->s_data_desired > 0) {
-			u8 *buf = skb_put(skb, cvp->s_data_desired);
-
 			/* copy data directly from the listening socket. */
-			memcpy(buf, cvp->s_data_payload, cvp->s_data_desired);
-			TCP_SKB_CB(skb)->end_seq += cvp->s_data_desired;
+			memcpy(buf, cvp->s_data_payload, s_data_desired);
+			TCP_SKB_CB(skb)->end_seq += s_data_desired;
 		}
  
 		if (opts.hash_size > 0) {
...	...	@@ -2395,13 +2395,17 @@
2395	2395	struct tcp_extend_values *xvp = tcp_xv(rvp);
2396	2396	struct inet_request_sock *ireq = inet_rsk(req);
2397	2397	struct tcp_sock *tp = tcp_sk(sk);
	2398	+ const struct tcp_cookie_values *cvp = tp->cookie_values;
2398	2399	struct tcphdr *th;
2399	2400	struct sk_buff *skb;
2400	2401	struct tcp_md5sig_key *md5;
2401	2402	int tcp_header_size;
2402	2403	int mss;
	2404	+ int s_data_desired = 0;
2403	2405
2404		- skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15, 1, GFP_ATOMIC);
	2406	+ if (cvp != NULL && cvp->s_data_constant && cvp->s_data_desired)
	2407	+ s_data_desired = cvp->s_data_desired;
	2408	+ skb = sock_wmalloc(sk, MAX_TCP_HEADER + 15 + s_data_desired, 1, GFP_ATOMIC);
2405	2409	if (skb == NULL)
2406	2410	return NULL;
2407	2411
2408	2412
2409	2413
...	...	@@ -2457,16 +2461,12 @@
2457	2461	TCPCB_FLAG_SYN \| TCPCB_FLAG_ACK);
2458	2462
2459	2463	if (OPTION_COOKIE_EXTENSION & opts.options) {
2460		- const struct tcp_cookie_values *cvp = tp->cookie_values;
	2464	+ if (s_data_desired) {
	2465	+ u8 *buf = skb_put(skb, s_data_desired);
2461	2466
2462		- if (cvp != NULL &&
2463		- cvp->s_data_constant &&
2464		- cvp->s_data_desired > 0) {
2465		- u8 *buf = skb_put(skb, cvp->s_data_desired);
2466		-
2467	2467	/* copy data directly from the listening socket. */
2468		- memcpy(buf, cvp->s_data_payload, cvp->s_data_desired);
2469		- TCP_SKB_CB(skb)->end_seq += cvp->s_data_desired;
	2468	+ memcpy(buf, cvp->s_data_payload, s_data_desired);
	2469	+ TCP_SKB_CB(skb)->end_seq += s_data_desired;
2470	2470	}
2471	2471
2472	2472	if (opts.hash_size > 0) {