tcp_yeah: don't set ssthresh below 2

[pandora-kernel.git] / net / ipv4 / cipso_ipv4.c

diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index 86f3b88..dbec8b5 100644 (file)
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -974,7 +974,7 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def,
                                return -EPERM;
                        break;
                }
-               ret_val = netlbl_secattr_catmap_setbit(secattr->attr.mls.cat,
+               ret_val = netlbl_secattr_catmap_setbit(&secattr->attr.mls.cat,
                                                       host_spot,
                                                       GFP_ATOMIC);
                if (ret_val != 0)
@@ -1076,7 +1076,7 @@ static int cipso_v4_map_cat_enum_ntoh(const struct cipso_v4_doi *doi_def,
        u32 iter;
 
        for (iter = 0; iter < net_cat_len; iter += 2) {
-               ret_val = netlbl_secattr_catmap_setbit(secattr->attr.mls.cat,
+               ret_val = netlbl_secattr_catmap_setbit(&secattr->attr.mls.cat,
                                get_unaligned_be16(&net_cat[iter]),
                                GFP_ATOMIC);
                if (ret_val != 0)
@@ -1218,7 +1218,7 @@ static int cipso_v4_map_cat_rng_ntoh(const struct cipso_v4_doi *doi_def,
                else
                        cat_low = 0;
 
-               ret_val = netlbl_secattr_catmap_setrng(secattr->attr.mls.cat,
+               ret_val = netlbl_secattr_catmap_setrng(&secattr->attr.mls.cat,
                                                       cat_low,
                                                       cat_high,
                                                       GFP_ATOMIC);
@@ -1725,8 +1725,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option)
                case CIPSO_V4_TAG_LOCAL:
                        /* This is a non-standard tag that we only allow for
                         * local connections, so if the incoming interface is
-                        * not the loopback device drop the packet. */
-                       if (!(skb->dev->flags & IFF_LOOPBACK)) {
+                        * not the loopback device drop the packet. Further,
+                        * there is no legitimate reason for setting this from
+                        * userspace so reject it if skb is NULL. */
+                       if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) {
                                err_offset = opt_iter;
                                goto validate_return_locked;
                        }