ndisc: Calculate message body length and option length separately.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 62b1415..c2b16ff 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -426,6 +426,7 @@
struct sk_buff *skb;
struct icmp6hdr *hdr;
int len;
+ int optlen = 0;
u8 *opt;
if (!dev->addr_len)
@@ -433,13 +434,13 @@
len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
if (llinfo)
- len += ndisc_opt_addr_space(dev);
+ optlen += ndisc_opt_addr_space(dev);
- skb = ndisc_alloc_skb(dev, len);
+ skb = ndisc_alloc_skb(dev, len + optlen);
if (!skb)
return NULL;
- skb_put(skb, len);
+ skb_put(skb, len + optlen);
hdr = (struct icmp6hdr *)skb_transport_header(skb);
memcpy(hdr, icmp6h, sizeof(*hdr));
@@ -1396,7 +1397,7 @@
struct net_device *dev = skb->dev;
struct net *net = dev_net(dev);
struct sock *sk = net->ipv6.ndisc_sk;
- int len = sizeof(struct rd_msg);
+ int optlen = 0;
struct inet_peer *peer;
struct sk_buff *buff;
struct rd_msg *msg;
@@ -1463,7 +1464,7 @@
memcpy(ha_buf, neigh->ha, dev->addr_len);
read_unlock_bh(&neigh->lock);
ha = ha_buf;
- len += ndisc_opt_addr_space(dev);
+ optlen += ndisc_opt_addr_space(dev);
} else
read_unlock_bh(&neigh->lock);
@@ -1471,15 +1472,16 @@
}
rd_len = min_t(unsigned int,
- IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
+ IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
+ skb->len + 8);
rd_len &= ~0x7;
- len += rd_len;
+ optlen += rd_len;
- buff = ndisc_alloc_skb(dev, len);
+ buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
if (!buff)
goto release;
- skb_put(buff, len);
+ skb_put(buff, sizeof(*msg) + optlen);
msg = (struct rd_msg *)icmp6_hdr(buff);
memset(&msg->icmph, 0, sizeof(struct icmp6hdr));