]> err.no Git - linux-2.6/blobdiff - net/ipv6/datagram.c
projects / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge commit 'v2.6.26-rc8' into x86/mce
[linux-2.6] / net / ipv6 / datagram.c
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 53e3883f76668f847e2241ae93f65134bd2962fd..0f0f94a40335e7a24a68181f1791d164d49cd3e2 100644 (file)
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -496,7 +496,8 @@ int datagram_recv_ctl(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
        return 0;
 }
 
-int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
+int datagram_send_ctl(struct net *net,
+                     struct msghdr *msg, struct flowi *fl,
                      struct ipv6_txoptions *opt,
                      int *hlimit, int *tclass)
 {
@@ -540,7 +541,7 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
                        addr_type = __ipv6_addr_type(&src_info->ipi6_addr);
 
                        if (fl->oif) {
-                               dev = dev_get_by_index(&init_net, fl->oif);
+                               dev = dev_get_by_index(net, fl->oif);
                                if (!dev)
                                        return -ENODEV;
                        } else if (addr_type & IPV6_ADDR_LINKLOCAL)
@@ -548,7 +549,7 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
 
                        if (addr_type != IPV6_ADDR_ANY) {
                                int strict = __ipv6_addr_src_scope(addr_type) <= IPV6_ADDR_SCOPE_LINKLOCAL;
-                               if (!ipv6_chk_addr(&init_net, &src_info->ipi6_addr,
+                               if (!ipv6_chk_addr(net, &src_info->ipi6_addr,
                                                   strict ? dev : NULL, 0))
                                        err = -EINVAL;
                                else
@@ -704,6 +705,11 @@ int datagram_send_ctl(struct msghdr *msg, struct flowi *fl,
                        }
 
                        *hlimit = *(int *)CMSG_DATA(cmsg);
+                       if (*hlimit < -1 || *hlimit > 0xff) {
+                               err = -EINVAL;
+                               goto exit_f;
+                       }
+
                        break;
 
                case IPV6_TCLASS:
Linux 2.6 source tree