linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 0/1] ipv6: fix restrict IPV6_ADDRFORM operation
@ 2020-04-18 15:30 John Haxby
  2020-04-18 15:30 ` [PATCH 1/1] " John Haxby
  0 siblings, 1 reply; 3+ messages in thread
From: John Haxby @ 2020-04-18 15:30 UTC (permalink / raw)
  To: David S. Miller, Eric Dumazet
  Cc: John Haxby, Alexey Kuznetsov, Hideaki YOSHIFUJI, Jakub Kicinski,
	netdev, linux-kernel

Commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation") added a
check to ensure that sk->sk_prot is the default pointer for a TCP IPv6
socket, an issue found by syzbot.

The earlier code simply had

    if (sk->sk_protocol != IPPROTO_TCP)
       break;

and the new code degenerated to

    if (sk->sk_protocol == IPPROTO_TCP)
       break;

the very opposite of what was intended.  The following patch
rearranges the checks so that the original sk->sk_prot == &tcpv6_prot
is just one of the series of checks made before moving the socket.

jch

John Haxby (1):
  ipv6: fix restrict IPV6_ADDRFORM operation

 net/ipv6/ipv6_sockglue.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

-- 
2.25.3


^ permalink raw reply	[flat|nested] 3+ messages in thread
* [PATCH 1/1] ipv6: fix restrict IPV6_ADDRFORM operation
  2020-04-18 15:30 [PATCH 0/1] ipv6: fix restrict IPV6_ADDRFORM operation John Haxby
@ 2020-04-18 15:30 ` John Haxby
  2020-04-20 18:07   ` David Miller
  0 siblings, 1 reply; 3+ messages in thread
From: John Haxby @ 2020-04-18 15:30 UTC (permalink / raw)
  To: David S. Miller, Eric Dumazet
  Cc: John Haxby, Alexey Kuznetsov, Hideaki YOSHIFUJI, Jakub Kicinski,
	netdev, linux-kernel, stable

Commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation") fixed a
problem found by syzbot an unfortunate logic error meant that it
also broke IPV6_ADDRFORM.

Rearrange the checks so that the earlier test is just one of the series
of checks made before moving the socket from IPv6 to IPv4.

Fixes: b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation")
Signed-off-by: John Haxby <john.haxby@oracle.com>
Cc: stable@vger.kernel.org
---
 net/ipv6/ipv6_sockglue.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index debdaeba5d8c..18d05403d3b5 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -183,15 +183,14 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
 					retv = -EBUSY;
 					break;
 				}
-			} else if (sk->sk_protocol == IPPROTO_TCP) {
-				if (sk->sk_prot != &tcpv6_prot) {
-					retv = -EBUSY;
-					break;
-				}
-				break;
-			} else {
+			}
+			if (sk->sk_protocol == IPPROTO_TCP &&
+			    sk->sk_prot != &tcpv6_prot) {
+				retv = -EBUSY;
 				break;
 			}
+			if (sk->sk_protocol != IPPROTO_TCP)
+				break;
 			if (sk->sk_state != TCP_ESTABLISHED) {
 				retv = -ENOTCONN;
 				break;
-- 
2.25.3


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] ipv6: fix restrict IPV6_ADDRFORM operation
  2020-04-18 15:30 ` [PATCH 1/1] " John Haxby
@ 2020-04-20 18:07   ` David Miller
  0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2020-04-20 18:07 UTC (permalink / raw)
  To: john.haxby; +Cc: edumazet, kuznet, yoshfuji, kuba, netdev, linux-kernel, stable

From: John Haxby <john.haxby@oracle.com>
Date: Sat, 18 Apr 2020 16:30:49 +0100

> Commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation") fixed a
> problem found by syzbot an unfortunate logic error meant that it
> also broke IPV6_ADDRFORM.
> 
> Rearrange the checks so that the earlier test is just one of the series
> of checks made before moving the socket from IPv6 to IPv4.
> 
> Fixes: b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation")
> Signed-off-by: John Haxby <john.haxby@oracle.com>

Applied, thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-04-20 18:07 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-18 15:30 [PATCH 0/1] ipv6: fix restrict IPV6_ADDRFORM operation John Haxby
2020-04-18 15:30 ` [PATCH 1/1] " John Haxby
2020-04-20 18:07   ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).