From: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Date: Sat, 2 Apr 2011 04:47:41 +0000 (-0700)
Subject: tcp: len check is unnecessarily devastating, change to WARN_ON
X-Git-Tag: v2.6.38.8~87
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=21fdc47e2e3238412559703663e5a04cbebb4309;p=thirdparty%2Fkernel%2Fstable.git

tcp: len check is unnecessarily devastating, change to WARN_ON

[ Upstream commit 2fceec13375e5d98ef033c6b0ee03943fc460950 ]

All callers are prepared for alloc failures anyway, so this error
can safely be boomeranged to the callers domain without super
bad consequences. ...At worst the connection might go into a state
where each RTO tries to (unsuccessfully) re-fragment with such
a mis-sized value and eventually dies.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index dfa5beb0c1c8c..8b0d0167e44aa 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1003,7 +1003,8 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len,
 	int nlen;
 	u8 flags;
 
-	BUG_ON(len > skb->len);
+	if (WARN_ON(len > skb->len))
+		return -EINVAL;
 
 	nsize = skb_headlen(skb) - len;
 	if (nsize < 0)