[PATCH] Fix sfuzz hanging on 2.6.18

[karo-tx-linux.git] / net / decnet / af_decnet.c

diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index d402e9020c684126bf9a1f418e7e7c9549a6e9dd..07d98695d74db8c549d9ed1569d6f4ca6aff81aa 100644 (file)
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -99,7 +99,6 @@ Version 0.0.6    2.1.110   07-aug-98   Eduardo Marcelo Serrat
                                        dn_bind fixes
 *******************************************************************************/
 
-#include <linux/config.h>
 #include <linux/module.h>
 #include <linux/errno.h>
 #include <linux/types.h>
@@ -122,6 +121,7 @@ Version 0.0.6    2.1.110   07-aug-98   Eduardo Marcelo Serrat
 #include <net/flow.h>
 #include <asm/system.h>
 #include <asm/ioctls.h>
+#include <linux/capability.h>
 #include <linux/mm.h>
 #include <linux/interrupt.h>
 #include <linux/proc_fs.h>
@@ -149,7 +149,7 @@ static void dn_keepalive(struct sock *sk);
 #define DN_SK_HASH_MASK (DN_SK_HASH_SIZE - 1)
 
 
-static struct proto_ops dn_proto_ops;
+static const struct proto_ops dn_proto_ops;
 static DEFINE_RWLOCK(dn_hash_lock);
 static struct hlist_head dn_sk_hash[DN_SK_HASH_SIZE];
 static struct hlist_head dn_wild_sk;
@@ -171,7 +171,7 @@ static struct hlist_head *dn_find_list(struct sock *sk)
 /* 
  * Valid ports are those greater than zero and not already in use.
  */
-static int check_port(unsigned short port)
+static int check_port(__le16 port)
 {
        struct sock *sk;
        struct hlist_node *node;
@@ -660,7 +660,7 @@ disc_reject:
        }
 }
 
-char *dn_addr2asc(dn_address addr, char *buf)
+char *dn_addr2asc(__u16 addr, char *buf)
 {
        unsigned short node, area;
 
@@ -800,7 +800,7 @@ static int dn_auto_bind(struct socket *sock)
        /* End of compatibility stuff */
 
        scp->addr.sdn_add.a_len = dn_htons(2);
-       rv = dn_dev_bind_default((dn_address *)scp->addr.sdn_add.a_addr);
+       rv = dn_dev_bind_default((__le16 *)scp->addr.sdn_add.a_addr);
        if (rv == 0) {
                rv = dn_hash_sock(sk);
                if (rv)
@@ -1020,7 +1020,7 @@ static void dn_user_copy(struct sk_buff *skb, struct optdata_dn *opt)
         opt->opt_optl   = *ptr++;
         opt->opt_status = 0;
         memcpy(opt->opt_data, ptr, opt->opt_optl);
-        skb_pull(skb, opt->opt_optl + 1);
+        skb_pull(skb, dn_ntohs(opt->opt_optl) + 1);
 
 }
 
@@ -1120,8 +1120,8 @@ static int dn_accept(struct socket *sock, struct socket *newsock, int flags)
 
        skb_pull(skb, dn_username2sockaddr(skb->data, skb->len, &(DN_SK(newsk)->addr), &type));
        skb_pull(skb, dn_username2sockaddr(skb->data, skb->len, &(DN_SK(newsk)->peer), &type));
-       *(dn_address *)(DN_SK(newsk)->peer.sdn_add.a_addr) = cb->src;
-       *(dn_address *)(DN_SK(newsk)->addr.sdn_add.a_addr) = cb->dst;
+       *(__le16 *)(DN_SK(newsk)->peer.sdn_add.a_addr) = cb->src;
+       *(__le16 *)(DN_SK(newsk)->addr.sdn_add.a_addr) = cb->dst;
 
        menuver = *skb->data;
        skb_pull(skb, 1);
@@ -1177,8 +1177,10 @@ static int dn_getname(struct socket *sock, struct sockaddr *uaddr,int *uaddr_len
        if (peer) {
                if ((sock->state != SS_CONNECTED && 
                     sock->state != SS_CONNECTING) && 
-                   scp->accept_mode == ACC_IMMED)
+                   scp->accept_mode == ACC_IMMED) {
+                       release_sock(sk);
                        return -ENOTCONN;
+               }
 
                memcpy(sa, &scp->peer, sizeof(struct sockaddr_dn));
        } else {
@@ -1252,7 +1254,7 @@ static int dn_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
                break;
 
        default:
-               err = dev_ioctl(cmd, (void __user *)arg);
+               err = -ENOIOCTLCMD;
                break;
        }
 
@@ -1364,7 +1366,7 @@ static int __dn_setsockopt(struct socket *sock, int level,int optname, char __us
                        if (optlen != sizeof(struct optdata_dn))
                                return -EINVAL;
 
-                       if (u.opt.opt_optl > 16)
+                       if (dn_ntohs(u.opt.opt_optl) > 16)
                                return -EINVAL;
 
                        memcpy(&scp->conndata_out, &u.opt, optlen);
@@ -1377,7 +1379,7 @@ static int __dn_setsockopt(struct socket *sock, int level,int optname, char __us
                        if (optlen != sizeof(struct optdata_dn))
                                return -EINVAL;
 
-                       if (u.opt.opt_optl > 16)
+                       if (dn_ntohs(u.opt.opt_optl) > 16)
                                return -EINVAL;
 
                        memcpy(&scp->discdata_out, &u.opt, optlen);
@@ -1692,7 +1694,7 @@ static int dn_recvmsg(struct kiocb *iocb, struct socket *sock,
        if (rv)
                goto out;
 
-       if (flags & ~(MSG_PEEK|MSG_OOB|MSG_WAITALL|MSG_DONTWAIT|MSG_NOSIGNAL)) {
+       if (flags & ~(MSG_CMSG_COMPAT|MSG_PEEK|MSG_OOB|MSG_WAITALL|MSG_DONTWAIT|MSG_NOSIGNAL)) {
                rv = -EOPNOTSUPP;
                goto out;
        }
@@ -2342,7 +2344,7 @@ static struct net_proto_family    dn_family_ops = {
        .owner  =       THIS_MODULE,
 };
 
-static struct proto_ops dn_proto_ops = {
+static const struct proto_ops dn_proto_ops = {
        .family =       AF_DECnet,
        .owner =        THIS_MODULE,
        .release =      dn_release,