diff options
| author | Tao Wu <lepton@google.com> | 2017-11-08 14:53:40 -0800 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2017-11-09 18:59:22 +0100 |
| commit | 990132cda9baa27bdc558df6c9c15aacb0322d2c (patch) | |
| tree | cb40a0540ad52feeb05d38f5cc2c705bd5cee6d4 /slirp/tcp_subr.c | |
| parent | b0fbe46ad82982b289a44ee2495b59b0bad8a842 (diff) | |
| download | qemu-990132cda9baa27bdc558df6c9c15aacb0322d2c.tar.gz | |
slirp: don't zero the whole ti_i when m == NULL
98c63057d2144fb81681580cd84c13c93794c96e ('slirp: Factorizing
tcpiphdr structure with an union') introduced a memset call to clear
possibly-undefined fields in ti. This however overwrites src/dst/pr which
are used below.
So let us clear only the unused fields.
This should fix some rare cases (some RST cases, keep alive probes)
where packets would be sent to 0.0.0.0.
Signed-off-by: Tao Wu <lepton@google.com>
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Diffstat (limited to 'slirp/tcp_subr.c')
| -rw-r--r-- | slirp/tcp_subr.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index dc8b4bbb50..da0d53743f 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -148,7 +148,16 @@ tcp_respond(struct tcpcb *tp, struct tcpiphdr *ti, struct mbuf *m, m->m_data += IF_MAXLINKHDR; *mtod(m, struct tcpiphdr *) = *ti; ti = mtod(m, struct tcpiphdr *); - memset(&ti->ti, 0, sizeof(ti->ti)); + switch (af) { + case AF_INET: + ti->ti.ti_i4.ih_x1 = 0; + break; + case AF_INET6: + ti->ti.ti_i6.ih_x1 = 0; + break; + default: + g_assert_not_reached(); + } flags = TH_ACK; } else { /* |