Message ID | 1247858602.8509.7.camel@Maple |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
From: John Dykstra <john.dykstra1@gmail.com> Date: Fri, 17 Jul 2009 19:23:22 +0000 > [PATCH] tcp: Use correct peer adr when copying MD5 keys > > When the TCP connection handshake completes on the passive > side, a variety of state must be set up in the "child" sock, > including the key if MD5 authentication is being used. Fix TCP > for both address families to label the key with the peer's > destination address, rather than the address from the listening > sock, which is usually the wildcard. > > Reported-by: Stephen Hemminger <shemminger@vyatta.com> > Signed-off-by: John Dykstra <john.dykstra1@gmail.com> Also applied, thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 7c107eb..6d88219 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -1374,7 +1374,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb, */ char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); if (newkey != NULL) - tcp_v4_md5_do_add(newsk, inet_sk(sk)->daddr, + tcp_v4_md5_do_add(newsk, newinet->daddr, newkey, key->keylen); newsk->sk_route_caps &= ~NETIF_F_GSO_MASK; } diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index ae3d657..d849dd5 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1442,7 +1442,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, */ char *newkey = kmemdup(key->key, key->keylen, GFP_ATOMIC); if (newkey != NULL) - tcp_v6_md5_do_add(newsk, &inet6_sk(sk)->daddr, + tcp_v6_md5_do_add(newsk, &newnp->daddr, newkey, key->keylen); } #endif