2.6.26 -stable review patch. If anyone has any objections, please let us know. ------------------ From: Gerrit Renker [ Upstream commit 47112e25da41d9059626033986dc3353e101f815 ] This patch clamps the cscov setsockopt values to a maximum of 0xFFFF. Setsockopt values greater than 0xffff can cause an unwanted wrap-around. Further, IPv6 jumbograms are not supported (RFC 3838, 3.5), so that values greater than 0xffff are not even useful. Further changes: fixed a typo in the documentation. Signed-off-by: Gerrit Renker Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- Documentation/networking/udplite.txt | 2 +- net/ipv4/udp.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) --- a/Documentation/networking/udplite.txt +++ b/Documentation/networking/udplite.txt @@ -148,7 +148,7 @@ getsockopt(sockfd, SOL_SOCKET, SO_NO_CHECK, &value, ...); is meaningless (as in TCP). Packets with a zero checksum field are - illegal (cf. RFC 3828, sec. 3.1) will be silently discarded. + illegal (cf. RFC 3828, sec. 3.1) and will be silently discarded. 4) Fragmentation --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1319,6 +1319,8 @@ int udp_lib_setsockopt(struct sock *sk, return -ENOPROTOOPT; if (val != 0 && val < 8) /* Illegal coverage: use default (8) */ val = 8; + else if (val > USHORT_MAX) + val = USHORT_MAX; up->pcslen = val; up->pcflag |= UDPLITE_SEND_CC; break; @@ -1331,6 +1333,8 @@ int udp_lib_setsockopt(struct sock *sk, return -ENOPROTOOPT; if (val != 0 && val < 8) /* Avoid silly minimal values. */ val = 8; + else if (val > USHORT_MAX) + val = USHORT_MAX; up->pcrlen = val; up->pcflag |= UDPLITE_RECV_CC; break; -- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/