commit 363c11d7e1c2b2cc30e33416a518cea5ef9e0cc8
Author: Herbert Xu <[EMAIL PROTECTED]>
Date:   Fri Feb 15 01:44:03 2008 -0800

    IPCOMP: Fetch nexthdr before ipch is destroyed
    
    Upstream commit: 2614fa59fa805cd488083c5602eb48533cdbc018
    
    When I moved the nexthdr setting out of IPComp I accidentally moved
    the reading of ipch->nexthdr after the decompression.  Unfortunately
    this means that we'd be reading from a stale ipch pointer which
    doesn't work very well.
    
    This patch moves the reading up so that we get the correct nexthdr
    value.
    
    Signed-off-by: Herbert Xu <[EMAIL PROTECTED]>
    Signed-off-by: David S. Miller <[EMAIL PROTECTED]>
    Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>

diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index 2c44a94..80cab8c 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -74,6 +74,7 @@ out:
 
 static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
 {
+       int nexthdr;
        int err = -ENOMEM;
        struct ip_comp_hdr *ipch;
 
@@ -84,13 +85,15 @@ static int ipcomp_input(struct xfrm_state *x, struct 
sk_buff *skb)
 
        /* Remove ipcomp header and decompress original payload */
        ipch = (void *)skb->data;
+       nexthdr = ipch->nexthdr;
+
        skb->transport_header = skb->network_header + sizeof(*ipch);
        __skb_pull(skb, sizeof(*ipch));
        err = ipcomp_decompress(x, skb);
        if (err)
                goto out;
 
-       err = ipch->nexthdr;
+       err = nexthdr;
 
 out:
        return err;
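Review bot: The new `nexthdr = ipch->nexthdr;` line in ipcomp_input has no comment saying why the read must come before ipcomp_decompress(), so a later cleanup could move it back and reintroduce the stale read the commit message describes. I would add `/* ipch points into skb->data, which decompression replaces; read nexthdr first */` above it, and the same above the matching line in ipcomp6_input (second hunk of net/ipv6/ipcomp6.c). `ipch` also stays in scope after decompression in both functions; since the returned value presumably decides how the decompressed payload is handled next, keeping every use of `ipch` above the `__skb_pull()` call would make a stale dereference harder to write. The lines between the two hunks are not visible here, so whether the header length is checked before the `(void *)skb->data` cast cannot be confirmed from this diff.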
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index 0cd4056..1c5b09f 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -64,6 +64,7 @@ static LIST_HEAD(ipcomp6_tfms_list);
 
 static int ipcomp6_input(struct xfrm_state *x, struct sk_buff *skb)
 {
+       int nexthdr;
        int err = -ENOMEM;
        struct ip_comp_hdr *ipch;
        int plen, dlen;
@@ -79,6 +80,8 @@ static int ipcomp6_input(struct xfrm_state *x, struct sk_buff 
*skb)
 
        /* Remove ipcomp header and decompress original payload */
        ipch = (void *)skb->data;
+       nexthdr = ipch->nexthdr;
+
        skb->transport_header = skb->network_header + sizeof(*ipch);
        __skb_pull(skb, sizeof(*ipch));
 
@@ -108,7 +111,7 @@ static int ipcomp6_input(struct xfrm_state *x, struct 
sk_buff *skb)
        skb->truesize += dlen - plen;
        __skb_put(skb, dlen - plen);
        skb_copy_to_linear_data(skb, scratch, dlen);
-       err = ipch->nexthdr;
+       err = nexthdr;
 
 out_put_cpu:
        put_cpu();