ipv4: ip_check_defrag should correctly check return value of skb_copy_bits

skb_copy_bits() returns zero on success and negative value on error,
so it is needed to invert the condition in ip_check_defrag().

Fixes: 1bf3751ec90c ("ipv4: ip_check_defrag must not modify skb before unsharing")
Signed-off-by: Alexander Drozdov <al.drozdov@gmail.com>
---
 net/ipv4/ip_fragment.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

On 2/17/15, Alexander Drozdov <al.drozdov@gmail.com> wrote:
> skb_copy_bits() returns zero on success and negative value on error,
> so it is needed to invert the condition in ip_check_defrag().
>

Nice. Grepping through the net directory shows that the  skb_copy_bits()
return value is completely ignored in net/wireless/util.c


> Fixes: 1bf3751ec90c ("ipv4: ip_check_defrag must not modify skb before
> unsharing")
> Signed-off-by: Alexander Drozdov <al.drozdov@gmail.com>
> ---
>  net/ipv4/ip_fragment.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
> index e5b6d0d..2c8d98e 100644
> --- a/net/ipv4/ip_fragment.c
> +++ b/net/ipv4/ip_fragment.c
> @@ -664,7 +664,7 @@ struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32
> user)
>  	if (skb->protocol != htons(ETH_P_IP))
>  		return skb;
>
> -	if (!skb_copy_bits(skb, 0, &iph, sizeof(iph)))
> +	if (skb_copy_bits(skb, 0, &iph, sizeof(iph)) < 0)
>  		return skb;
>
>  	if (iph.ihl < 5 || iph.version != 4)
> --
> 1.9.1
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

On Tue, 2015-02-17 at 13:33 +0300, Alexander Drozdov wrote:
> skb_copy_bits() returns zero on success and negative value on error,
> so it is needed to invert the condition in ip_check_defrag().
> 
> Fixes: 1bf3751ec90c ("ipv4: ip_check_defrag must not modify skb before unsharing")
> Signed-off-by: Alexander Drozdov <al.drozdov@gmail.com>
> ---
>  net/ipv4/ip_fragment.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
> index e5b6d0d..2c8d98e 100644
> --- a/net/ipv4/ip_fragment.c
> +++ b/net/ipv4/ip_fragment.c
> @@ -664,7 +664,7 @@ struct sk_buff *ip_check_defrag(struct sk_buff *skb, u32 user)
>  	if (skb->protocol != htons(ETH_P_IP))
>  		return skb;
>  
> -	if (!skb_copy_bits(skb, 0, &iph, sizeof(iph)))
> +	if (skb_copy_bits(skb, 0, &iph, sizeof(iph)) < 0)
>  		return skb;
>  
>  	if (iph.ihl < 5 || iph.version != 4)

Thanks, I wonder how this was not found/fixed earlier.

Acked-by: Eric Dumazet <edumazet@google.com>
Cc: Johannes Berg <johannes.berg@intel.com>

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

From: Alexander Drozdov <al.drozdov@gmail.com>
Date: Tue, 17 Feb 2015 13:33:46 +0300

> skb_copy_bits() returns zero on success and negative value on error,
> so it is needed to invert the condition in ip_check_defrag().
> 
> Fixes: 1bf3751ec90c ("ipv4: ip_check_defrag must not modify skb before unsharing")
> Signed-off-by: Alexander Drozdov <al.drozdov@gmail.com>

Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html