Message ID | 904e4ae90b94d679d9877d3c48bd277cb9b39f5f.1591601587.git.geliangtang@gmail.com |
---|---|
State | Superseded |
Delegated to: | David Miller |
Headers | show |
Series | mptcp: bugfix for RM_ADDR option parsing | expand |
Hi Geliang, On 08/06/2020 09:48, Geliang Tang wrote: > In MPTCPOPT_RM_ADDR option parsing, the pointer "ptr" pointed to the > "Subtype" octet, the pointer "ptr+1" pointed to the "Address ID" octet: > > +-------+-------+---------------+ > |Subtype|(resvd)| Address ID | > +-------+-------+---------------+ > | | > ptr ptr+1 > > We should set mp_opt->rm_id to the value of "ptr+1", not "ptr". This patch > will fix this bug. Thank you for the patch, good catch! Indeed "ptr" should be incremented. Because this is a bug-fix for net, may you clearly indicate that in the subject to help -net maintainers please? [PATCH net v2] Also, may you add a "Fixes" tag as well as it is for -net ? I guess it should be: Fixes: 3df523ab582c ("mptcp: Add ADD_ADDR handling") The rest is good! Cheers, Matt
On Mon, Jun 08, 2020 at 12:10:23PM +0200, Matthieu Baerts wrote: > Hi Geliang, > > On 08/06/2020 09:48, Geliang Tang wrote: > > In MPTCPOPT_RM_ADDR option parsing, the pointer "ptr" pointed to the > > "Subtype" octet, the pointer "ptr+1" pointed to the "Address ID" octet: > > > > +-------+-------+---------------+ > > |Subtype|(resvd)| Address ID | > > +-------+-------+---------------+ > > | | > > ptr ptr+1 > > > > We should set mp_opt->rm_id to the value of "ptr+1", not "ptr". This patch > > will fix this bug. > > Thank you for the patch, good catch! > Indeed "ptr" should be incremented. > > Because this is a bug-fix for net, may you clearly indicate that in the > subject to help -net maintainers please? [PATCH net v2] > > Also, may you add a "Fixes" tag as well as it is for -net ? I guess it > should be: > > Fixes: 3df523ab582c ("mptcp: Add ADD_ADDR handling") > > The rest is good! > > Cheers, > Matt > -- > Matthieu Baerts | R&D Engineer > matthieu.baerts@tessares.net > Tessares SA | Hybrid Access Solutions > www.tessares.net > 1 Avenue Jean Monnet, 1348 Louvain-la-Neuve, Belgium Hi Matt, Thanks for your reply. I have already resend patch v2 to you. -Geliang
diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 01f1f4cf4902..490b92534afc 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -273,6 +273,8 @@ static void mptcp_parse_option(const struct sk_buff *skb, if (opsize != TCPOLEN_MPTCP_RM_ADDR_BASE) break; + ptr++; + mp_opt->rm_addr = 1; mp_opt->rm_id = *ptr++; pr_debug("RM_ADDR: id=%d", mp_opt->rm_id);
In MPTCPOPT_RM_ADDR option parsing, the pointer "ptr" pointed to the "Subtype" octet, the pointer "ptr+1" pointed to the "Address ID" octet: +-------+-------+---------------+ |Subtype|(resvd)| Address ID | +-------+-------+---------------+ | | ptr ptr+1 We should set mp_opt->rm_id to the value of "ptr+1", not "ptr". This patch will fix this bug. Signed-off-by: Geliang Tang <geliangtang@gmail.com> --- net/mptcp/options.c | 2 ++ 1 file changed, 2 insertions(+)