summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorCong Wang <amwang@redhat.com>2013-07-02 14:49:34 +0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-07-28 16:29:49 -0700
commit0e7eadef8d9f5c3ebb664afcbaaad031321bfa58 (patch)
tree572e0e5c080f170d999e0406e14fd4a8f934af14 /net
parented7f614ab8c605aadfa163d468a980642b3929da (diff)
downloadlinux-3.10-0e7eadef8d9f5c3ebb664afcbaaad031321bfa58.tar.gz
linux-3.10-0e7eadef8d9f5c3ebb664afcbaaad031321bfa58.tar.bz2
linux-3.10-0e7eadef8d9f5c3ebb664afcbaaad031321bfa58.zip
ipip: fix a regression in ioctl
[ Upstream commit 3b7b514f44bff05d26a6499c4d4fac2a83938e6e ] This is a regression introduced by commit fd58156e456d9f68fe0448 (IPIP: Use ip-tunneling code.) Similar to GRE tunnel, previously we only check the parameters for SIOCADDTUNNEL and SIOCCHGTUNNEL, after that commit, the check is moved for all commands. So, just check for SIOCADDTUNNEL and SIOCCHGTUNNEL. Also, the check for i_key, o_key etc. is suspicious too, which did not exist before, reset them before passing to ip_tunnel_ioctl(). Signed-off-by: Cong Wang <amwang@redhat.com> Cc: Pravin B Shelar <pshelar@nicira.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/ipip.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 77bfcce64fe..7cfc45624b6 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -240,11 +240,13 @@ ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
return -EFAULT;
- if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
- p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
- return -EINVAL;
- if (p.i_key || p.o_key || p.i_flags || p.o_flags)
- return -EINVAL;
+ if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
+ if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
+ p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
+ return -EINVAL;
+ }
+
+ p.i_key = p.o_key = p.i_flags = p.o_flags = 0;
if (p.iph.ttl)
p.iph.frag_off |= htons(IP_DF);