In article
<OF618A0572.CA254DA0-ON88256FE1.0080DB81-88256FE1.0082220B@xxxxxxxxxx> (at Tue,
12 Apr 2005 17:41:25 -0600), David Stevens <dlstevens@xxxxxxxxxx> says:
> I don't know if it is possible, after the fix for the second problem, to
> get an
> skb with nonzero nr_frags in rawv6_push_pending_frames() (maybe with
> corking? or maybe via MSG_MORE?), but this patch includes support for
> non-linear skbs as well as the missing flush on error that caused the
> problem
> to begin with.
Please geive up the "singed-off" line.
Anyway, how about this?
Signed-off-by: Hideaki YOSHIFUJI <yoshfuji@xxxxxxxxxxxxxx>
===== net/ipv6/raw.c 1.80 vs edited =====
--- 1.80/net/ipv6/raw.c 2005-03-27 08:04:35 +09:00
+++ edited/net/ipv6/raw.c 2005-04-13 09:49:37 +09:00
@@ -456,7 +456,7 @@
{
struct sk_buff *skb;
int err = 0;
- u16 *csum;
+ u16 csum_buff, *csum;
u32 tmp_csum;
if (!rp->checksum)
@@ -465,12 +465,13 @@
if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
goto out;
- if (rp->offset + 1 < len)
- csum = (u16 *)(skb->h.raw + rp->offset);
- else {
- err = -EINVAL;
+ err = -EINVAL;
+ if (rp->offset + 1 >= len)
+ goto out;
+
+ csum = skb_header_pointer(skb, skb->h.raw - skb->data + rp->offset,
sizeof(csum_buff), &csum_buff);
+ if (!csum)
goto out;
- }
/* should be check HW csum miyazawa */
if (skb_queue_len(&sk->sk_write_queue) == 1) {
--
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji@xxxxxxxxxxxxxx>
Homepage: http://www.yoshifuji.org/~hideaki/
GPG FP : 9022 65EB 1ECF 3AD1 0BDF 80D8 4807 F894 E062 0EEA
|