tcp: Do not call IPv4 specific func in tcp_check_req

Calling IPv4 specific inet_csk_route_req in tcp_check_req
is a bad idea and crashes machine on IPv6 connections, as reported
by Valdis Kletnieks

Also, all we are really interested in is the timestamp
option in the header, so calling tcp_parse_options()
with the "estab" set to false flag is an overkill as
it tries to parse half a dozen other TCP options.

We know whether timestamp should be enabled or not
using data from request_sock.

Signed-off-by: Gilad Ben-Yossef <gilad@codefidence.com>
Tested-by: Valdis.Kletnieks@vt.edu
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 463d51b53d37b120e398f9c17f88592d06038d29..a9d34e224cb679720906792776daa8fec02ad068 100644 (file)
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -500,11 +500,10 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
        int paws_reject = 0;
        struct tcp_options_received tmp_opt;
        struct sock *child;
-       struct dst_entry *dst = inet_csk_route_req(sk, req);
 
-       tmp_opt.saw_tstamp = 0;
-       if (th->doff > (sizeof(struct tcphdr)>>2)) {
-               tcp_parse_options(skb, &tmp_opt, 0, dst);
+       if ((th->doff > (sizeof(struct tcphdr)>>2)) && (req->ts_recent)) {
+               tmp_opt.tstamp_ok = 1;
+               tcp_parse_options(skb, &tmp_opt, 1, NULL);
 
                if (tmp_opt.saw_tstamp) {
                        tmp_opt.ts_recent = req->ts_recent;
@@ -517,8 +516,6 @@ struct sock *tcp_check_req(struct sock *sk, struct sk_buff *skb,
                }
        }
 
-       dst_release(dst);
-
        /* Check for pure retransmitted SYN. */
        if (TCP_SKB_CB(skb)->seq == tcp_rsk(req)->rcv_isn &&
            flg == TCP_FLAG_SYN &&