ipv6: Remove options header when setsockopt's optlen is 0

[net-next-2.6.git] / net / ipv6 / ipv6_sockglue.c

diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 26b83e512a0922d86c38144a1c53052b0163eed7..86e28a75267f4dac4a72a4c02413ab6c99945a60 100644 (file)
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -67,7 +67,7 @@ int ip6_ra_control(struct sock *sk, int sel, void (*destructor)(struct sock *))
 
        /* RA packet may be delivered ONLY to IPPROTO_RAW socket */
        if (sk->sk_type != SOCK_RAW || inet_sk(sk)->num != IPPROTO_RAW)
-               return -EINVAL;
+               return -ENOPROTOOPT;
 
        new_ra = (sel>=0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
 
@@ -345,18 +345,21 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
        case IPV6_DSTOPTS:
        {
                struct ipv6_txoptions *opt;
+
+               /* remove any sticky options header with a zero option
+                * length, per RFC3542.
+                */
                if (optlen == 0)
                        optval = NULL;
+               else if (optlen < sizeof(struct ipv6_opt_hdr) ||
+                        optlen & 0x7 || optlen > 8 * 255)
+                       goto e_inval;
 
                /* hop-by-hop / destination options are privileged option */
                retv = -EPERM;
                if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW))
                        break;
 
-               if (optlen < sizeof(struct ipv6_opt_hdr) ||
-                   optlen & 0x7 || optlen > 8 * 255)
-                       goto e_inval;
-
                opt = ipv6_renew_options(sk, np->opt, optname,
                                         (struct ipv6_opt_hdr __user *)optval,
                                         optlen);
@@ -446,7 +449,7 @@ done:
 
        case IPV6_MULTICAST_HOPS:
                if (sk->sk_type == SOCK_STREAM)
-                       goto e_inval;
+                       break;
                if (optlen < sizeof(int))
                        goto e_inval;
                if (val > 255 || val < -1)
@@ -458,13 +461,15 @@ done:
        case IPV6_MULTICAST_LOOP:
                if (optlen < sizeof(int))
                        goto e_inval;
+               if (val != valbool)
+                       goto e_inval;
                np->mc_loop = valbool;
                retv = 0;
                break;
 
        case IPV6_MULTICAST_IF:
                if (sk->sk_type == SOCK_STREAM)
-                       goto e_inval;
+                       break;
                if (optlen < sizeof(int))
                        goto e_inval;
 
@@ -860,7 +865,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
                if (sk->sk_protocol != IPPROTO_UDP &&
                    sk->sk_protocol != IPPROTO_UDPLITE &&
                    sk->sk_protocol != IPPROTO_TCP)
-                       return -EINVAL;
+                       return -ENOPROTOOPT;
                if (sk->sk_state != TCP_ESTABLISHED)
                        return -ENOTCONN;
                val = sk->sk_family;
@@ -874,6 +879,8 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
                        return -EINVAL;
                if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0)))
                        return -EFAULT;
+               if (gsf.gf_group.ss_family != AF_INET6)
+                       return -EADDRNOTAVAIL;
                lock_sock(sk);
                err = ip6_mc_msfget(sk, &gsf,
                        (struct group_filter __user *)optval, optlen);