From: Jiri Pirko <jpirko@redhat.com>
Date: Wed, 11 Feb 2009 09:27:25 +0100
Subject: [net] ipv6: Hop-by-Hop options header returned bad value
Message-id: 20090211082724.GI5829@psychotron.englab.brq.redhat.com
O-Subject: [RHEL5.4 patch] BZ483793 net: ipv6: Fix the return value of Set Hop-by-Hop options header with NULL data pointer
Bugzilla: 483793
RH-Acked-by: Neil Horman <nhorman@redhat.com>
RH-Acked-by: David Miller <davem@redhat.com>
RH-Acked-by: Thomas Graf <tgraf@redhat.com>

BZ483793
https://bugzilla.redhat.com/show_bug.cgi?id=483793

Description:
When Set Hop-by-Hop options header with NULL data pointer and optlen is not
zero when calling setsockopt(), the kernel successfully return 0 instead of
return error EINVAL or EFAULT. This patch fixes the problem by returning
EINVAL in this situation.

Upstream:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cfb266c0ee0ea0b7bfa8189e3a3a80344dec6112

Brew:
https://brewweb.devel.redhat.com/taskinfo?taskID=1689432

Test:
Booted on x86_64, tested with reproducer.

Jirka

diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 2ea8e6b..3733ca7 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -390,8 +390,12 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
 	case IPV6_DSTOPTS:
 	{
 		struct ipv6_txoptions *opt;
+
+		retv = -EINVAL;
 		if (optlen == 0)
 			optval = NULL;
+		else if (optval == NULL)
+			break;
 
 		/* hop-by-hop / destination options are privileged option */
 		retv = -EPERM;