linux-hardened/net/dccp
Gerrit Renker 4a5409a5a8 [DCCP]: Twice the wrong reset code in receiving connection-Requests
This fixes two bugs in processing of connection-Requests in
v{4,6}_conn_request:

 1. Due to using the variable `reset_code', the Reset code generated
    internally by dccp_parse_options() is overwritten with the
    initialised value ("Too Busy") of reset_code, which is not what is
    intended.

 2. When receiving a connection-Request on a multicast or broadcast
    address, no Reset should be generated, to avoid storms of such
    packets. Instead of jumping to the `drop' label, the
    v{4,6}_conn_request functions now return 0. Below is why in my
    understanding this is correct:

    When the conn_request function returns < 0, then the caller,
    dccp_rcv_state_process(), returns 1. In all instances where
    dccp_rcv_state_process is called (dccp_v4_do_rcv, dccp_v6_do_rcv,
    and dccp_child_process), a return value of != 0 from
    dccp_rcv_state_process() means that a Reset is generated.

    If on the other hand the conn_request function returns 0, the
    packet is discarded and no Reset is generated.

Note: There may be a related problem when sending the Response, due to
the following.

	if (dccp_v6_send_response(sk, req, NULL))
		goto drop_and_free;
	/* ... */
	drop_and_free:
		return -1;

In this case, if send_response fails due to transmission errors, the
next thing that is generated is a Reset with a code "Too Busy". I
haven't been able to conjure up such a condition, but it might be good
to change the behaviour here also (not done by this patch).

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-10-10 16:54:38 -07:00
..
ccids [CCID2]: Sequence number wraparound issues 2007-10-10 16:54:35 -07:00
ackvec.c [NET]: DIV_ROUND_UP cleanup (part two) 2007-10-10 16:48:37 -07:00
ackvec.h [DCCP] ackvec: Convert to ktime_t 2007-10-10 16:48:14 -07:00
ccid.c [DCCP]: fix theoretical ccids_{read,write}_lock() race 2007-08-13 22:52:09 -07:00
ccid.h [DCCP] ccid: Deprecate ccid_hc_tx_insert_options 2006-12-11 14:34:49 -08:00
dccp.h [DCCP]: Factor out common code for generating Resets 2007-10-10 16:52:44 -07:00
diag.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
feat.c [DCCP]: fix memory leak and clean up style - dccp_feat_empty_confirm() 2007-08-13 22:52:10 -07:00
feat.h [NET] DCCP: Fix whitespace errors. 2007-02-10 23:19:27 -08:00
input.c [DCCP]: Rate-limit DCCP-Syncs 2007-10-10 16:52:43 -07:00
ipv4.c [DCCP]: Twice the wrong reset code in receiving connection-Requests 2007-10-10 16:54:38 -07:00
ipv6.c [DCCP]: Twice the wrong reset code in receiving connection-Requests 2007-10-10 16:54:38 -07:00
ipv6.h Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
Kconfig [DCCP]: Use menuconfig objects. 2007-05-24 16:36:46 -07:00
Makefile [DCCPv6]: Resolve conditional build problem 2006-12-02 21:22:28 -08:00
minisocks.c [DCCP]: Tidy-up -- minisock initialisation 2007-10-10 16:54:36 -07:00
options.c [DCCP]: Wrong format in printk 2007-10-10 16:54:36 -07:00
output.c [DCCP]: Wait for CCID 2007-10-10 16:54:31 -07:00
probe.c [NET]: Make /proc/net per network namespace 2007-10-10 16:49:06 -07:00
proto.c [DCCP]: Make all `debug' parameters bool 2007-10-10 16:54:32 -07:00
sysctl.c [DCCP]: Rate-limit DCCP-Syncs 2007-10-10 16:52:43 -07:00
timer.c [DCCP]: Provide 10s of microsecond timesource 2007-10-10 16:52:35 -07:00