IPCOMP: Fetch nexthdr before ipch is destroyed

[karo-tx-linux.git] / net / ipv4 / ipcomp.c

diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index e787044a85148ebceaafdbb964c7dd15c2e99daa..80cab8c73074525026c514633b415e9d36d76a98 100644 (file)
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -14,9 +14,9 @@
  *   - Adaptive compression.
  */
 #include <linux/module.h>
-#include <asm/scatterlist.h>
 #include <asm/semaphore.h>
 #include <linux/crypto.h>
+#include <linux/err.h>
 #include <linux/pfkeyv2.h>
 #include <linux/percpu.h>
 #include <linux/smp.h>
@@ -74,8 +74,8 @@ out:
 
 static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
 {
+       int nexthdr;
        int err = -ENOMEM;
-       struct iphdr *iph;
        struct ip_comp_hdr *ipch;
 
        if (skb_linearize_cow(skb))
@@ -84,12 +84,16 @@ static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
        skb->ip_summed = CHECKSUM_NONE;
 
        /* Remove ipcomp header and decompress original payload */
-       iph = ip_hdr(skb);
        ipch = (void *)skb->data;
-       iph->protocol = ipch->nexthdr;
+       nexthdr = ipch->nexthdr;
+
        skb->transport_header = skb->network_header + sizeof(*ipch);
        __skb_pull(skb, sizeof(*ipch));
        err = ipcomp_decompress(x, skb);
+       if (err)
+               goto out;
+
+       err = nexthdr;
 
 out:
        return err;
@@ -98,10 +102,9 @@ out:
 static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
 {
        struct ipcomp_data *ipcd = x->data;
-       const int ihlen = ip_hdrlen(skb);
-       const int plen = skb->len - ihlen;
+       const int plen = skb->len;
        int dlen = IPCOMP_SCRATCH_SIZE;
-       u8 *start = skb->data + ihlen;
+       u8 *start = skb->data;
        const int cpu = get_cpu();
        u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
        struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
@@ -118,7 +121,7 @@ static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
        memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
        put_cpu();
 
-       pskb_trim(skb, ihlen + dlen + sizeof(struct ip_comp_hdr));
+       pskb_trim(skb, dlen + sizeof(struct ip_comp_hdr));
        return 0;
 
 out:
@@ -131,12 +134,8 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
        int err;
        struct ip_comp_hdr *ipch;
        struct ipcomp_data *ipcd = x->data;
-       int hdr_len = 0;
-       struct iphdr *iph = ip_hdr(skb);
 
-       iph->tot_len = htons(skb->len);
-       hdr_len = iph->ihl * 4;
-       if ((skb->len - hdr_len) < ipcd->threshold) {
+       if (skb->len < ipcd->threshold) {
                /* Don't bother compressing */
                goto out_ok;
        }
@@ -145,25 +144,19 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
                goto out_ok;
 
        err = ipcomp_compress(x, skb);
-       iph = ip_hdr(skb);
 
        if (err) {
                goto out_ok;
        }
 
        /* Install ipcomp header, convert into ipcomp datagram. */
-       iph->tot_len = htons(skb->len);
-       ipch = (struct ip_comp_hdr *)((char *)iph + iph->ihl * 4);
-       ipch->nexthdr = iph->protocol;
+       ipch = ip_comp_hdr(skb);
+       ipch->nexthdr = *skb_mac_header(skb);
        ipch->flags = 0;
        ipch->cpi = htons((u16 )ntohl(x->id.spi));
-       iph->protocol = IPPROTO_COMP;
-       ip_send_check(iph);
-       return 0;
-
+       *skb_mac_header(skb) = IPPROTO_COMP;
 out_ok:
-       if (x->props.mode == XFRM_MODE_TUNNEL)
-               ip_send_check(iph);
+       skb_push(skb, -skb_network_offset(skb));
        return 0;
 }
 
@@ -355,7 +348,7 @@ static struct crypto_comp **ipcomp_alloc_tfms(const char *alg_name)
        for_each_possible_cpu(cpu) {
                struct crypto_comp *tfm = crypto_alloc_comp(alg_name, 0,
                                                            CRYPTO_ALG_ASYNC);
-               if (!tfm)
+               if (IS_ERR(tfm))
                        goto error;
                *per_cpu_ptr(tfms, cpu) = tfm;
        }