summaryrefslogtreecommitdiffstats
path: root/net/dccp
diff options
context:
space:
mode:
authorGerrit Renker <gerrit@erg.abdn.ac.uk>2008-06-11 11:19:09 +0100
committerGerrit Renker <gerrit@erg.abdn.ac.uk>2008-06-11 11:19:09 +0100
commit65907a433ac0ca450c4408080f24c6e4743386b2 (patch)
tree086656bf856f17038ca040a9bfb8e4c63e3707a3 /net/dccp
parent1e2f0e5e8376f2a0ada8760fc9d3104e1a81382b (diff)
downloadlinux-65907a433ac0ca450c4408080f24c6e4743386b2.tar.gz
linux-65907a433ac0ca450c4408080f24c6e4743386b2.tar.bz2
linux-65907a433ac0ca450c4408080f24c6e4743386b2.zip
dccp ccid-2: Bug-Fix - Ack Vectors need to be ignored on request sockets
This fixes an oversight from an earlier patch, ensuring that Ack Vectors are not processed on request sockets. The issue is that Ack Vectors must not be parsed on request sockets, since the Ack Vector feature depends on the selection of the (TX) CCID. During the initial handshake the CCIDs are undefined, and so RFC 4340, 10.3 applies: "Using CCID-specific options and feature options during a negotiation for the corresponding CCID feature is NOT RECOMMENDED [...]" And it is not even possible: when the server receives the Request from the client, the CCID and Ack vector features are undefined; when the Ack finalising the 3-way hanshake arrives, the request socket has not been cloned yet into a full socket. (This order is necessary, since otherwise the newly created socket would have to be destroyed whenever an option error occurred - a malicious hacker could simply send garbage options and exploit this.) Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Diffstat (limited to 'net/dccp')
-rw-r--r--net/dccp/options.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/dccp/options.c b/net/dccp/options.c
index d2a84a2fecee..43bc24e761d0 100644
--- a/net/dccp/options.c
+++ b/net/dccp/options.c
@@ -107,9 +107,11 @@ int dccp_parse_options(struct sock *sk, struct dccp_request_sock *dreq,
*
* CCID-specific options are ignored during connection setup, as
* negotiation may still be in progress (see RFC 4340, 10.3).
+ * The same applies to Ack Vectors, as these depend on the CCID.
*
*/
- if (dreq != NULL && opt >= 128)
+ if (dreq != NULL && (opt >= 128 ||
+ opt == DCCPO_ACK_VECTOR_0 || opt == DCCPO_ACK_VECTOR_1))
goto ignore_option;
switch (opt) {