diff --git a/newip/src/common/nip_checksum.c b/newip/src/common/nip_checksum.c index e2ba185922d83826ada8c8919fd56b8a10303fff..a5ecef1f3c0dc20d28d931cf6764e35d1d110238 100644 --- a/newip/src/common/nip_checksum.c +++ b/newip/src/common/nip_checksum.c @@ -38,7 +38,7 @@ unsigned int _nip_header_chksum(struct nip_pseudo_header *chksum_header) unsigned short hdr_len = 0; addr_len = chksum_header->saddr.bitlen / NIP_ADDR_BIT_LEN_8; - if (addr_len) { + if (addr_len && addr_len < NIP_HDR_MAX) { j = 0; for (i = 0; i < addr_len; i++, j++) pseudo_header[j] = chksum_header->saddr.NIP_ADDR_FIELD8[i]; @@ -46,7 +46,7 @@ unsigned int _nip_header_chksum(struct nip_pseudo_header *chksum_header) } addr_len = chksum_header->daddr.bitlen / NIP_ADDR_BIT_LEN_8; - if (addr_len) { + if (addr_len && addr_len < NIP_HDR_MAX) { j = hdr_len; for (i = 0; i < addr_len; i++, j++) pseudo_header[j] = chksum_header->daddr.NIP_ADDR_FIELD8[i]; @@ -54,10 +54,15 @@ unsigned int _nip_header_chksum(struct nip_pseudo_header *chksum_header) } /* chksum_header->check_len is network order.(big end) */ - *(unsigned short *)(pseudo_header + hdr_len) = chksum_header->check_len; - hdr_len += sizeof(chksum_header->check_len); - *(pseudo_header + hdr_len) = chksum_header->nexthdr; - hdr_len += sizeof(chksum_header->nexthdr); + if (hdr_len < NIP_HDR_MAX) { + *(unsigned short *)(pseudo_header + hdr_len) = chksum_header->check_len; + hdr_len += sizeof(chksum_header->check_len); + } + + if (hdr_len < NIP_HDR_MAX) { + *(pseudo_header + hdr_len) = chksum_header->nexthdr; + hdr_len += sizeof(chksum_header->nexthdr); + } return _nip_check_sum(pseudo_header, hdr_len); } diff --git a/newip/src/common/nip_hdr.h b/newip/src/common/nip_hdr.h index 70b1eab1bfd1848e49337a82ed370d77b90ca716..5c77eff0526f9fd9538fa50044b17471d05b0265 100644 --- a/newip/src/common/nip_hdr.h +++ b/newip/src/common/nip_hdr.h @@ -34,7 +34,7 @@ */ #define NIP_HDR_MAX 24 #define NIP_UDP_HDR_LEN 8 -#define NIP_MIN_MTU (NIP_HDR_MAX + NIP_UDP_HDR_LEN) +#define NIP_MIN_MTU (NIP_HDR_MAX + 20) // NewIP hdr + TCP hdr #define NIP_BYTE_ALIGNMENT 2 #define NIP_BITMAP_HAVE_MORE_BIT 0x01 diff --git a/newip/src/common/nip_hdr_encap.c b/newip/src/common/nip_hdr_encap.c index 9e2cef14138d29e0f8d8a9a0a932009db17d5d01..b9718346ab18b1e14a5c3901f2959d9a4bbf5cee 100644 --- a/newip/src/common/nip_hdr_encap.c +++ b/newip/src/common/nip_hdr_encap.c @@ -128,6 +128,15 @@ static inline void _nip_hdr_encap_comm_bitmap(struct nip_hdr_encap *head) void nip_hdr_udp_encap(struct nip_hdr_encap *head) { + int len; + + if (!head) + return; + + len = get_nip_hdr_len(NIP_HDR_UDP, &head->saddr, &head->daddr); + if (len == 0 || len > NIP_HDR_MAX) + return; + /* Encapsulate the bitmap into the newIP packet header BUF */ #if (NEWIP_BYTE_ALIGNMENT_ENABLE == 1) _nip_hdr_encap_udp_bitmap(head); @@ -146,6 +155,15 @@ void nip_hdr_udp_encap(struct nip_hdr_encap *head) /* need update total len after this func, call nip_update_total_len */ void nip_hdr_comm_encap(struct nip_hdr_encap *head) { + int len; + + if (!head) + return; + + len = get_nip_hdr_len(NIP_HDR_COMM, &head->saddr, &head->daddr); + if (len == 0 || len > NIP_HDR_MAX) + return; + /* Encapsulate the bitmap into the newIP packet header BUF */ #if (NEWIP_BYTE_ALIGNMENT_ENABLE == 1) _nip_hdr_encap_comm_bitmap(head); diff --git a/newip/src/linux-5.10/drivers/net/bt/btdev.c b/newip/src/linux-5.10/drivers/net/bt/btdev.c index 4a5fcf8cc51cda42faad627a41c4b351efcf442c..2f621c7855dd414cf1addf22e3fbea0231a2fce2 100644 --- a/newip/src/linux-5.10/drivers/net/bt/btdev.c +++ b/newip/src/linux-5.10/drivers/net/bt/btdev.c @@ -195,15 +195,15 @@ static ssize_t bt_io_file_read(struct file *filp, btdev_dbg_err("%s invalid skb", cdev_name(vnet)); return -EINVAL; } - out_sz = skb->len - MACADDR_LEN; - if (unlikely(out_sz > size)) { + out_sz = skb->len > MACADDR_LEN ? (skb->len - MACADDR_LEN) : 0; + if (unlikely(out_sz > size) || unlikely(out_sz == 0)) { /* Obtain the skb pointer from the ring buf and ask whether the user-state buf * length can store data in the skb. If the user-state buf length is not enough, * the skb cannot be released at this time, because the skb is still unchained * on the ring buf. */ - btdev_dbg_err("%s usr-buf too small, skb-len=%ld, usr-buf-len=%ld", - cdev_name(vnet), (long)out_sz, (long)size); + btdev_dbg_err("%s usr-buf too small, skb-len=%ld, usr-buf-len=%ld, skb-len=%u", + cdev_name(vnet), (long)out_sz, (long)size, skb->len); return -EINVAL; } @@ -854,8 +854,10 @@ static int bt_ring_is_full(const struct bt_ring *ring) static void bt_ring_produce(struct bt_ring *ring, void *data) { smp_mb(); // Make sure the read and write order is correct - ring->data[ring->head] = data; - ring->head = (ring->head + 1) % ring->size; + if (likely(ring->head < ring->size)) { + ring->data[ring->head] = data; + ring->head = (ring->head + 1) % ring->size; + } smp_wmb(); // Make sure the write order is correct } @@ -863,7 +865,7 @@ static void *bt_ring_current(struct bt_ring *ring) { void *data = NULL; - if (unlikely(!ring)) + if (unlikely(!ring) || unlikely(ring->tail > ring->size)) return data; data = ring->data[ring->tail]; diff --git a/newip/src/linux-5.10/drivers/net/bt/btdev.h b/newip/src/linux-5.10/drivers/net/bt/btdev.h index d6f46d5bf4b5cb260386bbaef3a163eeaee8ed22..b39dee9fbb298e86814df6b4843527a83cc165b0 100644 --- a/newip/src/linux-5.10/drivers/net/bt/btdev.h +++ b/newip/src/linux-5.10/drivers/net/bt/btdev.h @@ -221,6 +221,9 @@ static inline const char *bt_virnet_get_ndev_name(const struct bt_virnet *vn) static inline const char *bt_virnet_get_state_rep(const struct bt_virnet *vn) { + if (unlikely(vn->state > BT_VIRNET_STAET_NUM)) + return g_bt_virnet_state_rep[BT_VIRNET_STATE_DELETED]; + return g_bt_virnet_state_rep[vn->state]; } diff --git a/newip/src/linux-5.10/net/newip/nip_hooks_register.c b/newip/src/linux-5.10/net/newip/nip_hooks_register.c index 0fc022dd1745b37f30566148499b1f8cd2d95cf3..556d573c57634f4efb89eac1ee9e827006c0127c 100644 --- a/newip/src/linux-5.10/net/newip/nip_hooks_register.c +++ b/newip/src/linux-5.10/net/newip/nip_hooks_register.c @@ -24,6 +24,9 @@ */ void nip_ninet_ehashfn(const struct sock *sk, u32 *ret) { + if (!sk || !ret) + return; + *ret = ninet_ehashfn(sock_net(sk), &sk->SK_NIP_RCV_SADDR, sk->sk_num, &sk->SK_NIP_DADDR, sk->sk_dport); } @@ -31,15 +34,15 @@ void nip_ninet_ehashfn(const struct sock *sk, u32 *ret) /* call the newip hook function in inet_gifconf function (net\ipv4\devinet.c): */ void nip_ninet_gifconf(struct net_device *dev, - char __user *buf, int len, int size, int *ret) + char __user *buf, int len, int size, int *v4_done) { - if (*ret >= 0) { - int done = ninet_gifconf(dev, buf + *ret, len - *ret, size); + if (*v4_done >= 0) { + int done = ninet_gifconf(dev, (buf) ? buf + *v4_done : buf, len, size); if (done < 0) - *ret = done; + *v4_done = done; else - *ret += done; + *v4_done += done; } } diff --git a/newip/third_party/linux-5.10/net/newip/af_ninet.c b/newip/third_party/linux-5.10/net/newip/af_ninet.c index abdcae00c7365f2392c3e2ccf7edff8a3f1197c5..1620c8cb32bc31bfd83f1cea8bf9a8621de5bf59 100644 --- a/newip/third_party/linux-5.10/net/newip/af_ninet.c +++ b/newip/third_party/linux-5.10/net/newip/af_ninet.c @@ -487,7 +487,7 @@ static int ninet_compat_routing_ioctl(struct sock *sk, unsigned int cmd, { struct nip_rtmsg rt; - if (copy_from_user(&rt.rtmsg_dst, &ur->rtmsg_dst, 3 * sizeof(struct nip_addr)) || + if (copy_from_user(&rt.rtmsg_dst, &ur->rtmsg_dst, INDEX_3 * sizeof(struct nip_addr)) || copy_from_user(&rt.dev_name, &ur->dev_name, sizeof(rt.dev_name)) || get_user(rt.rtmsg_type, &ur->rtmsg_type) || get_user(rt.rtmsg_ifindex, &ur->rtmsg_ifindex) || diff --git a/newip/third_party/linux-5.10/net/newip/ninet_hashtables.c b/newip/third_party/linux-5.10/net/newip/ninet_hashtables.c index 5c39a3a48a96a313587b1e9f69a1cf25c5f1f25d..33f7c5ebc83437bf2f2d2a6665f21ae469fe58bc 100644 --- a/newip/third_party/linux-5.10/net/newip/ninet_hashtables.c +++ b/newip/third_party/linux-5.10/net/newip/ninet_hashtables.c @@ -241,7 +241,8 @@ static void ninet_unhash2(struct inet_hashinfo *h, struct sock *sk) spin_lock(&ilb2->lock); hlist_del_init_rcu(&inet_csk(sk)->icsk_listen_portaddr_node); - ilb2->count--; + if (ilb2->count) + ilb2->count--; spin_unlock(&ilb2->lock); } @@ -254,7 +255,8 @@ static void __ninet_unhash(struct sock *sk, struct inet_listen_hashbucket *ilb) struct inet_hashinfo *hashinfo = sk->sk_prot->h.hashinfo; ninet_unhash2(hashinfo, sk); - ilb->count--; + if (ilb->count) + ilb->count--; } __sk_nulls_del_node_init_rcu(sk); sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); @@ -311,10 +313,9 @@ struct sock *__ninet_lookup_established(struct net *net, const struct hlist_nulls_node *node; const __portpair ports = INET_COMBINED_PORTS(sport, hnum); - + /* mask ensures that the hash index is valid without memory overruns */ unsigned int hash = ninet_ehashfn(net, daddr, hnum, saddr, sport); unsigned int slot = hash & hashinfo->ehash_mask; - struct inet_ehash_bucket *head = &hashinfo->ehash[slot]; begin: @@ -434,7 +435,7 @@ struct sock *ninet_lookup_listener(struct net *net, saddr, sport, &nip_any_addr, hnum, dif, sdif); done: - if (IS_ERR(result)) + if (IS_ERR_OR_NULL(result)) return NULL; return result; } diff --git a/newip/third_party/linux-5.10/net/newip/nip_fib.c b/newip/third_party/linux-5.10/net/newip/nip_fib.c index dfdc4ce34c26065212a8c519640d6f796fc8bba1..45d487b8df696be57141851242215cce58a9888e 100644 --- a/newip/third_party/linux-5.10/net/newip/nip_fib.c +++ b/newip/third_party/linux-5.10/net/newip/nip_fib.c @@ -88,6 +88,7 @@ struct nip_fib_node *nip_fib_locate(struct hlist_head *nip_tb_head, struct hlist_head *h; unsigned int hash; + /* hash calc ensures that the hash index is valid without memory overruns */ hash = ninet_route_hash(daddr); h = &nip_tb_head[hash]; @@ -97,6 +98,7 @@ struct nip_fib_node *nip_fib_locate(struct hlist_head *nip_tb_head, } /* find default route */ + /* hash calc ensures that the hash index is valid without memory overruns */ hash = ninet_route_hash(&nip_any_addr); h = &nip_tb_head[hash]; @@ -139,6 +141,7 @@ int nip_fib_add(struct nip_fib_table *table, struct nip_rt_info *rt) char dst[NIP_ADDR_BIT_LEN_MAX] = {0}; char gateway[NIP_ADDR_BIT_LEN_MAX] = {0}; + /* hash calc ensures that the hash index is valid without memory overruns */ hash = ninet_route_hash(&rt->rt_dst); h = &table->nip_tb_head[hash]; diff --git a/newip/third_party/linux-5.10/net/newip/nip_output.c b/newip/third_party/linux-5.10/net/newip/nip_output.c index 3aeb7c11ca1a607d19e8b2a12221e5b80a51f9c1..e41ee1e101342b80bcd88a9f0480aac437581198 100644 --- a/newip/third_party/linux-5.10/net/newip/nip_output.c +++ b/newip/third_party/linux-5.10/net/newip/nip_output.c @@ -54,15 +54,18 @@ void update_memory_rate(const char *upper_fun) struct sysinfo mem_info; unsigned long total; unsigned long free; - unsigned long used; unsigned int uint_kb; si_meminfo(&mem_info); uint_kb = mem_info.mem_unit / NIP_BIT_TO_BYTE; total = (unsigned long)mem_info.totalram * uint_kb; free = (unsigned long)mem_info.freeram * uint_kb; - used = total - free; - nip_dbg("%s call cur-func mem total: %ld KB, mem used: %ld KB", upper_fun, total, used); + if (total > free) + nip_dbg("%s call cur-func mem total: %ld KB, mem used: %ld KB", + upper_fun, total, total - free); + else + nip_dbg("%s call cur-func mem total: %ld KB, mem free: %ld KB", + upper_fun, total, free); } int nip_output(struct net *net, struct sock *sk, struct sk_buff *skb) diff --git a/newip/third_party/linux-5.10/net/newip/nndisc.c b/newip/third_party/linux-5.10/net/newip/nndisc.c index 27b48bc5205199cffd86994ce0cc4112c69c9953..e9a93a4b2570f6c2d4f1d10dd0996cadd81fd1ca 100644 --- a/newip/third_party/linux-5.10/net/newip/nndisc.c +++ b/newip/third_party/linux-5.10/net/newip/nndisc.c @@ -579,7 +579,7 @@ int nndisc_rcv_na(struct sk_buff *skb) } len = *p; if (len > MAX_ADDR_LEN) { - nip_dbg("Invalid length, drop the packet(len=%u)", len); + nip_dbg("invalid length, drop the packet(len=%u)", len); kfree_skb(skb); return 0; } diff --git a/newip/third_party/linux-5.10/net/newip/tcp_nip.c b/newip/third_party/linux-5.10/net/newip/tcp_nip.c index 2ca6bef915b3260949c7fdd69ef0607fd3906831..c38f08ba9744fa1ca5ac4f29e8daa077fdc3767a 100644 --- a/newip/third_party/linux-5.10/net/newip/tcp_nip.c +++ b/newip/third_party/linux-5.10/net/newip/tcp_nip.c @@ -400,6 +400,7 @@ #include #include #include "nip_checksum.h" +#include "nip_hdr.h" #include "tcp_nip_parameter.h" #define tcp_header_length(th) ((th)->doff << 2) @@ -449,9 +450,14 @@ bool nip_get_tcp_input_checksum(struct sk_buff *skb) static int tcp_nip_close_state(struct sock *sk) { - int next = (int)new_state[sk->sk_state]; - int ns = next & TCP_STATE_MASK; + int next; + int ns; + if (sk->sk_state >= TCP_MAX_STATES) + return TCP_ACTION_FIN; + + next = (int)new_state[sk->sk_state]; + ns = next & TCP_STATE_MASK; tcp_set_state(sk, ns); return next & TCP_ACTION_FIN; @@ -1206,17 +1212,19 @@ static void skb_nip_entail(struct sock *sk, struct sk_buff *skb) sk_mem_charge(sk, skb->truesize); } -static unsigned int tcp_xmit_size_goal(struct sock *sk, u32 mss_now, - int large_allowed) +static unsigned int tcp_nip_xmit_size_goal(struct sock *sk, u32 mss_now, + int large_allowed) { struct tcp_sock *tp = tcp_sk(sk); - u32 new_size_goal, size_goal; + u32 new_size_goal = NIP_MIN_MTU; + u32 size_goal; if (!large_allowed || !mss_now) return mss_now; /* Note : tcp_tso_autosize() will eventually split this later */ - new_size_goal = sk->sk_gso_max_size - 1 - MAX_TCP_HEADER; + if (sk->sk_gso_max_size > MAX_TCP_HEADER + 1) + new_size_goal = sk->sk_gso_max_size - 1 - MAX_TCP_HEADER; new_size_goal = tcp_bound_to_half_wnd(tp, new_size_goal); /* We try hard to avoid divides here */ @@ -1236,7 +1244,7 @@ int tcp_nip_send_mss(struct sock *sk, int *size_goal, int flags) int mss_now; mss_now = tcp_nip_current_mss(sk); - *size_goal = tcp_xmit_size_goal(sk, mss_now, !(flags & MSG_OOB)); + *size_goal = tcp_nip_xmit_size_goal(sk, mss_now, !(flags & MSG_OOB)); return mss_now; } diff --git a/newip/third_party/linux-5.10/net/newip/tcp_nip_input.c b/newip/third_party/linux-5.10/net/newip/tcp_nip_input.c index ae554add78ff9e8770bfbee287d1c46e687b2410..a1efb28105da0f1de87949643fafaa88184f5fb7 100644 --- a/newip/third_party/linux-5.10/net/newip/tcp_nip_input.c +++ b/newip/third_party/linux-5.10/net/newip/tcp_nip_input.c @@ -297,7 +297,7 @@ static bool tcp_nip_ooo_try_coalesce(struct sock *sk, nip_dbg("(to)->gso_segs %u, (from)->gso_segs %u", skb_shinfo(to)->gso_segs, skb_shinfo(from)->gso_segs); - skb_shinfo(to)->gso_segs = min_t(u32, gso_segs, 0xFFFF); + skb_shinfo(to)->gso_segs = min_t(u32, gso_segs, TCP_NIP_WINDOW_MAX); nip_dbg("gso_segs %u to %u", to_gso_segs, skb_shinfo(to)->gso_segs); } return res; @@ -894,7 +894,7 @@ void tcp_nip_parse_options(const struct sk_buff *skb, const unsigned char *ptr; const struct tcphdr *th = tcp_hdr(skb); /* The length of the TCP option = Length of TCP header - The length of the TCP structure */ - int length = (th->doff * 4) - sizeof(struct tcphdr); + int length = (th->doff * TCP_NUM_4) - sizeof(struct tcphdr); /* A pointer to the option position */ ptr = (const unsigned char *)(th + 1); @@ -912,7 +912,7 @@ void tcp_nip_parse_options(const struct sk_buff *skb, continue; default: opsize = *ptr++; - if (opsize < 2) /* "2 - silly options" */ + if (opsize < TCP_NUM_2) /* "2 - silly options" */ return; if (opsize > length) return; /* don't parse partial options */ @@ -1065,7 +1065,7 @@ struct sock *tcp_nip_create_openreq_child(const struct sock *sk, } else { newtp->rx_opt.snd_wscale = 0; newtp->rx_opt.rcv_wscale = 0; - newtp->window_clamp = min(newtp->window_clamp, 65535U); + newtp->window_clamp = min(newtp->window_clamp, TCP_NIP_WINDOW_MAX); } newtp->snd_wnd = (ntohs(tcp_hdr(skb)->window) << newtp->rx_opt.snd_wscale); @@ -1748,10 +1748,10 @@ discard: static u32 tcp_default_init_rwnd(u32 mss) { - u32 init_rwnd = TCP_INIT_CWND * 2; + u32 init_rwnd = TCP_INIT_CWND * TCP_NUM_2; if (mss > TCP_MAX_MSS) - init_rwnd = max((TCP_MAX_MSS * init_rwnd) / mss, 2U); + init_rwnd = max((TCP_MAX_MSS * init_rwnd) / mss, (u32)TCP_NUM_2); return init_rwnd; } @@ -1880,7 +1880,7 @@ static int tcp_nip_rcv_synsent_state_process(struct sock *sk, struct sk_buff *sk if (!tp->rx_opt.wscale_ok) { tp->rx_opt.snd_wscale = 0; tp->rx_opt.rcv_wscale = 0; - tp->window_clamp = min(tp->window_clamp, 65535U); + tp->window_clamp = min(tp->window_clamp, TCP_NIP_WINDOW_MAX); } if (tp->rx_opt.saw_tstamp) { diff --git a/newip/third_party/linux-5.10/net/newip/tcp_nip_output.c b/newip/third_party/linux-5.10/net/newip/tcp_nip_output.c index 47dd74582e3c21ea0f36c0f70ca6c100f8c31905..0f957ae423d035edde5adef6da96928ff6178c56 100644 --- a/newip/third_party/linux-5.10/net/newip/tcp_nip_output.c +++ b/newip/third_party/linux-5.10/net/newip/tcp_nip_output.c @@ -262,7 +262,7 @@ static u16 nip_tcp_select_window(struct sock *sk) if (!tp->rx_opt.rcv_wscale && sock_net(sk)->ipv4.sysctl_tcp_workaround_signed_windows) new_win = min(new_win, MAX_TCP_WINDOW); else - new_win = min(new_win, (65535U << tp->rx_opt.rcv_wscale)); + new_win = min(new_win, (TCP_NIP_WINDOW_MAX << tp->rx_opt.rcv_wscale)); /* RFC1323 Scaling Applied. * Scaling the receive window so that it can represent up to 30 bits @@ -392,7 +392,7 @@ static __u16 tcp_nip_advertise_mss(struct sock *sk) tp->advmss = mss; } - mtu = dst_mtu(dst); + mtu = dst_mtu(dst); /* NIP_MIN_MTU */ nip_hdr_len = get_nip_hdr_len(NIP_HDR_COMM, &sk->SK_NIP_RCV_SADDR, &sk->SK_NIP_DADDR); nip_hdr_len = nip_hdr_len == 0 ? NIP_HDR_MAX : nip_hdr_len; @@ -693,7 +693,7 @@ unsigned int tcp_nip_current_mss(struct sock *sk) mss_now = tp->mss_cache; if (dst) { - u32 mtu = dst_mtu(dst); + u32 mtu = dst_mtu(dst); /* NIP_MIN_MTU */ if (mtu != inet_csk(sk)->icsk_pmtu_cookie) mss_now = tcp_nip_sync_mss(sk, mtu); @@ -758,7 +758,7 @@ static int get_nip_mss(const struct sock *sk, struct dst_entry *dst, struct requ if (user_mss && user_mss < mss) mss = user_mss; - mtu = dst_mtu(dst); + mtu = dst_mtu(dst); /* NIP_MIN_MTU */ nip_hdr_len = get_nip_hdr_len(NIP_HDR_COMM, &ireq->IR_NIP_LOC_ADDR, &ireq->IR_NIP_RMT_ADDR); nip_hdr_len = nip_hdr_len == 0 ? NIP_HDR_MAX : nip_hdr_len; nip_mss = mtu - nip_hdr_len - sizeof(struct tcphdr); @@ -843,13 +843,13 @@ struct sk_buff *tcp_nip_make_synack(const struct sock *sk, struct dst_entry *dst th->ack_seq = htonl(tcp_rsk(req)->rcv_nxt); th->check = 0; - th->window = htons(min(req->rsk_rcv_wnd, 65535U)); + th->window = htons(min(req->rsk_rcv_wnd, TCP_NIP_WINDOW_MAX)); tcp_nip_options_write((__be32 *)(th + 1), NULL, &opts); /* TCP data offset, divided by 4 because doff is a 32-bit word * That is, words four bytes long are counted in units */ - th->doff = (tcp_header_size >> 2); + th->doff = (tcp_header_size >> TCP_NUM_2); __TCP_INC_STATS(sock_net(sk), TCP_MIB_OUTSEGS); /* Fill in checksum */ diff --git a/newip/third_party/linux-5.10/net/newip/udp.c b/newip/third_party/linux-5.10/net/newip/udp.c index cd4a0b49484afe4b4f952f7ce071368653db791b..366c21158489e01d99aebb035a1ba008c9fc5b16 100644 --- a/newip/third_party/linux-5.10/net/newip/udp.c +++ b/newip/third_party/linux-5.10/net/newip/udp.c @@ -231,6 +231,7 @@ struct sock *__nip_udp_lib_lookup(struct net *net, struct udp_hslot *hslot2; struct sock *result; + /* mask ensures that the hash index is valid without memory overruns */ hash2 = nip_udp_portaddr_hash(net, daddr, hnum); slot2 = hash2 & udptable->mask; hslot2 = &udptable->hash2[slot2]; @@ -243,6 +244,7 @@ struct sock *__nip_udp_lib_lookup(struct net *net, goto done; /* Lookup wildcard sockets */ + /* mask ensures that the hash index is valid without memory overruns */ hash2 = nip_udp_portaddr_hash(net, &nip_any_addr, hnum); slot2 = hash2 & udptable->mask; hslot2 = &udptable->hash2[slot2];