* [PATCH 0/1] ipv6: fix restrict IPV6_ADDRFORM operation
@ 2020-04-18 15:30 John Haxby
2020-04-18 15:30 ` [PATCH 1/1] " John Haxby
0 siblings, 1 reply; 3+ messages in thread
From: John Haxby @ 2020-04-18 15:30 UTC (permalink / raw)
To: David S. Miller, Eric Dumazet
Cc: John Haxby, Alexey Kuznetsov, Hideaki YOSHIFUJI, Jakub Kicinski,
netdev, linux-kernel
Commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation") added a
check to ensure that sk->sk_prot is the default pointer for a TCP IPv6
socket, an issue found by syzbot.
The earlier code simply had
if (sk->sk_protocol != IPPROTO_TCP)
break;
and the new code degenerated to
if (sk->sk_protocol == IPPROTO_TCP)
break;
the very opposite of what was intended. The following patch
rearranges the checks so that the original sk->sk_prot == &tcpv6_prot
is just one of the series of checks made before moving the socket.
jch
John Haxby (1):
ipv6: fix restrict IPV6_ADDRFORM operation
net/ipv6/ipv6_sockglue.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
--
2.25.3
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 1/1] ipv6: fix restrict IPV6_ADDRFORM operation
2020-04-18 15:30 [PATCH 0/1] ipv6: fix restrict IPV6_ADDRFORM operation John Haxby
@ 2020-04-18 15:30 ` John Haxby
2020-04-20 18:07 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: John Haxby @ 2020-04-18 15:30 UTC (permalink / raw)
To: David S. Miller, Eric Dumazet
Cc: John Haxby, Alexey Kuznetsov, Hideaki YOSHIFUJI, Jakub Kicinski,
netdev, linux-kernel, stable
Commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation") fixed a
problem found by syzbot an unfortunate logic error meant that it
also broke IPV6_ADDRFORM.
Rearrange the checks so that the earlier test is just one of the series
of checks made before moving the socket from IPv6 to IPv4.
Fixes: b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation")
Signed-off-by: John Haxby <john.haxby@oracle.com>
Cc: stable@vger.kernel.org
---
net/ipv6/ipv6_sockglue.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index debdaeba5d8c..18d05403d3b5 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -183,15 +183,14 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
retv = -EBUSY;
break;
}
- } else if (sk->sk_protocol == IPPROTO_TCP) {
- if (sk->sk_prot != &tcpv6_prot) {
- retv = -EBUSY;
- break;
- }
- break;
- } else {
+ }
+ if (sk->sk_protocol == IPPROTO_TCP &&
+ sk->sk_prot != &tcpv6_prot) {
+ retv = -EBUSY;
break;
}
+ if (sk->sk_protocol != IPPROTO_TCP)
+ break;
if (sk->sk_state != TCP_ESTABLISHED) {
retv = -ENOTCONN;
break;
--
2.25.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] ipv6: fix restrict IPV6_ADDRFORM operation
2020-04-18 15:30 ` [PATCH 1/1] " John Haxby
@ 2020-04-20 18:07 ` David Miller
0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2020-04-20 18:07 UTC (permalink / raw)
To: john.haxby; +Cc: edumazet, kuznet, yoshfuji, kuba, netdev, linux-kernel, stable
From: John Haxby <john.haxby@oracle.com>
Date: Sat, 18 Apr 2020 16:30:49 +0100
> Commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation") fixed a
> problem found by syzbot an unfortunate logic error meant that it
> also broke IPV6_ADDRFORM.
>
> Rearrange the checks so that the earlier test is just one of the series
> of checks made before moving the socket from IPv6 to IPv4.
>
> Fixes: b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation")
> Signed-off-by: John Haxby <john.haxby@oracle.com>
Applied, thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-04-20 18:07 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-18 15:30 [PATCH 0/1] ipv6: fix restrict IPV6_ADDRFORM operation John Haxby
2020-04-18 15:30 ` [PATCH 1/1] " John Haxby
2020-04-20 18:07 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).