tcp: len check is unnecessarily devastating, change to WARN_ON All callers are prepared for alloc failures anyway, so this error can safely be boomeranged to the callers domain without super bad consequences. ...At worst the connection might go into a state where each RTO tries to (unsuccessfully) re-fragment with such a mis-sized value and eventually dies. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 2fceec13375e5d98ef033c6b0ee03943fc460950 [log] [tgz]
author: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Fri Apr 01 21:47:41 2011 -0700
committer: David S. Miller <davem@davemloft.net> Fri Apr 01 21:47:41 2011 -0700
tree: 34870f61085509c0ff3d8cef819846fc31e94e7c
parent: 2cab86bee8e7f353e6ac8c15b3eb906643497644 [diff]
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index dfa5beb..8b0d016 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c

@@ -1003,7 +1003,8 @@
 	int nlen;
 	u8 flags;
 
-	BUG_ON(len > skb->len);
+	if (WARN_ON(len > skb->len))
+		return -EINVAL;
 
 	nsize = skb_headlen(skb) - len;
 	if (nsize < 0)
commit	2fceec13375e5d98ef033c6b0ee03943fc460950	[log] [tgz]
author	Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>	Fri Apr 01 21:47:41 2011 -0700
committer	David S. Miller <davem@davemloft.net>	Fri Apr 01 21:47:41 2011 -0700
tree	34870f61085509c0ff3d8cef819846fc31e94e7c
parent	2cab86bee8e7f353e6ac8c15b3eb906643497644 [diff]