From: Jiri Pirko <jpirko@redhat.com> Date: Wed, 11 Feb 2009 09:27:25 +0100 Subject: [net] ipv6: Hop-by-Hop options header returned bad value Message-id: 20090211082724.GI5829@psychotron.englab.brq.redhat.com O-Subject: [RHEL5.4 patch] BZ483793 net: ipv6: Fix the return value of Set Hop-by-Hop options header with NULL data pointer Bugzilla: 483793 RH-Acked-by: Neil Horman <nhorman@redhat.com> RH-Acked-by: David Miller <davem@redhat.com> RH-Acked-by: Thomas Graf <tgraf@redhat.com> BZ483793 https://bugzilla.redhat.com/show_bug.cgi?id=483793 Description: When Set Hop-by-Hop options header with NULL data pointer and optlen is not zero when calling setsockopt(), the kernel successfully return 0 instead of return error EINVAL or EFAULT. This patch fixes the problem by returning EINVAL in this situation. Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cfb266c0ee0ea0b7bfa8189e3a3a80344dec6112 Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=1689432 Test: Booted on x86_64, tested with reproducer. Jirka diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 2ea8e6b..3733ca7 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -390,8 +390,12 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, case IPV6_DSTOPTS: { struct ipv6_txoptions *opt; + + retv = -EINVAL; if (optlen == 0) optval = NULL; + else if (optval == NULL) + break; /* hop-by-hop / destination options are privileged option */ retv = -EPERM;