git://git.onelab.eu / linux-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fedora kernel-2.6.17-1.2142_FC4 patched with stable patch-2.6.17.4-vs2.0.2-rc26.diff
[linux-2.6.git] / net / llc / llc_input.c
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 4da6976..d62e0f9 100644 (file)
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -99,22 +99,27 @@ out:
 static inline int llc_fixup_skb(struct sk_buff *skb)
 {
        u8 llc_len = 2;
-       struct llc_pdu_sn *pdu;
+       struct llc_pdu_un *pdu;
 
-       if (!pskb_may_pull(skb, sizeof(*pdu)))
+       if (unlikely(!pskb_may_pull(skb, sizeof(*pdu))))
                return 0;
 
-       pdu = (struct llc_pdu_sn *)skb->data;
+       pdu = (struct llc_pdu_un *)skb->data;
        if ((pdu->ctrl_1 & LLC_PDU_TYPE_MASK) == LLC_PDU_TYPE_U)
                llc_len = 1;
        llc_len += 2;
+
+       if (unlikely(!pskb_may_pull(skb, llc_len)))
+               return 0;
+
        skb->h.raw += llc_len;
        skb_pull(skb, llc_len);
        if (skb->protocol == htons(ETH_P_802_2)) {
                u16 pdulen = eth_hdr(skb)->h_proto,
                    data_size = ntohs(pdulen) - llc_len;
 
-               skb_trim(skb, data_size);
+               if (unlikely(pskb_trim_rcsum(skb, data_size)))
+                       return 0;
        }
        return 1;
 }
@@ -132,7 +137,7 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
  *     data now), it queues this frame in the connection's backlog.
  */
 int llc_rcv(struct sk_buff *skb, struct net_device *dev,
-           struct packet_type *pt)
+           struct packet_type *pt, struct net_device *orig_dev)
 {
        struct llc_sap *sap;
        struct llc_pdu_sn *pdu;
@@ -165,18 +170,23 @@ int llc_rcv(struct sk_buff *skb, struct net_device *dev,
         * LLC functionality
         */
        if (sap->rcv_func) {
-               sap->rcv_func(skb, dev, pt);
-               goto out;
+               sap->rcv_func(skb, dev, pt, orig_dev);
+               goto out_put;
        }
        dest = llc_pdu_type(skb);
        if (unlikely(!dest || !llc_type_handlers[dest - 1]))
-               goto drop;
+               goto drop_put;
        llc_type_handlers[dest - 1](sap, skb);
+out_put:
+       llc_sap_put(sap);
 out:
        return 0;
 drop:
        kfree_skb(skb);
        goto out;
+drop_put:
+       kfree_skb(skb);
+       goto out_put;
 handle_station:
        if (!llc_station_handler)
                goto drop;
linux-2.6