summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristoph Paasch <christoph.paasch@uclouvain.be>2013-04-07 04:53:15 +0000
committerDavid S. Miller <davem@davemloft.net>2013-04-07 12:36:08 -0400
commit50a75a8914539c5dcd441c5f54d237a666a426fd (patch)
tree2635984dd1261e20a3c68b4170b8596a13c09174
parent53f63189b1110559dce8c1ee29e8abc3e31f7630 (diff)
downloadlinux-50a75a8914539c5dcd441c5f54d237a666a426fd.tar.gz
linux-50a75a8914539c5dcd441c5f54d237a666a426fd.tar.bz2
linux-50a75a8914539c5dcd441c5f54d237a666a426fd.zip
ipv6/tcp: Stop processing ICMPv6 redirect messages
Tetja Rediske found that if the host receives an ICMPv6 redirect message after sending a SYN+ACK, the connection will be reset. He bisected it down to 093d04d (ipv6: Change skb->data before using icmpv6_notify() to propagate redirect), but the origin of the bug comes from ec18d9a26 (ipv6: Add redirect support to all protocol icmp error handlers.). The bug simply did not trigger prior to 093d04d, because skb->data did not point to the inner IP header and thus icmpv6_notify did not call the correct err_handler. This patch adds the missing "goto out;" in tcp_v6_err. After receiving an ICMPv6 Redirect, we should not continue processing the ICMP in tcp_v6_err, as this may trigger the removal of request-socks or setting sk_err(_soft). Reported-by: Tetja Rediske <tetja@tetja.de> Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv6/tcp_ipv6.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index f6d629fd6aee..46a5be85be87 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -386,6 +386,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
if (dst)
dst->ops->redirect(dst, sk, skb);
+ goto out;
}
if (type == ICMPV6_PKT_TOOBIG) {