
Commit ff2c051

author
Paolo Abeni
committed
Merge branch 'dccp-tcp-relocate-security_inet_conn_request'
Kuniyuki Iwashima says: ==================== dccp/tcp: Relocate security_inet_conn_request(). security_inet_conn_request() reads reqsk's remote address, but it's not initialised in some places. Let's make sure the address is set before security_inet_conn_request(). ==================== Link: https://lore.kernel.org/r/20231030201042.32885-1-kuniyu@amazon.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2 parents a1602d7 + 23be1e0 commit ff2c051


3 files changed

+10
-9
lines changed


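--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -629,16 +629,16 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
 if (dccp_parse_options(sk, dreq, skb))
 goto drop_and_free;
 
-if (security_inet_conn_request(sk, skb, req))
-goto drop_and_free;
-
 ireq = inet_rsk(req);
 sk_rcv_saddr_set(req_to_sk(req), ip_hdr(skb)->daddr);
 sk_daddr_set(req_to_sk(req), ip_hdr(skb)->saddr);
 ireq->ir_mark = inet_request_mark(sk, skb);
 ireq->ireq_family = AF_INET;
 ireq->ir_iif = READ_ONCE(sk->sk_bound_dev_if);
 
+if (security_inet_conn_request(sk, skb, req))
+goto drop_and_free;
+
 /*
 * Step 3: Process LISTEN state
 *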
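Review bot: Nothing at the new call site in dccp_v4_conn_request records that security_inet_conn_request() has to stay below the sk_rcv_saddr_set()/sk_daddr_set() lines, so a later reshuffle of these assignments could silently bring back the read of an uninitialised remote address that the merge description mentions. A one-line comment directly above the call would pin the ordering, for example `/* LSM hook reads the reqsk addresses: keep this after they are set above. */`. The same comment is worth adding at the relocated calls in net/dccp/ipv6.c and net/ipv6/syncookies.c. The function body starts and continues outside this hunk.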

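--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -360,15 +360,15 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 if (dccp_parse_options(sk, dreq, skb))
 goto drop_and_free;
 
-if (security_inet_conn_request(sk, skb, req))
-goto drop_and_free;
-
 ireq = inet_rsk(req);
 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
 ireq->ireq_family = AF_INET6;
 ireq->ir_mark = inet_request_mark(sk, skb);
 
+if (security_inet_conn_request(sk, skb, req))
+goto drop_and_free;
+
 if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) ||
 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {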
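Review bot: The relocated hook call in dccp_v6_conn_request still runs before any visible `ireq->ir_iif` assignment, whereas the net/dccp/ipv4.c hunk sets ir_iif ahead of the hook. If ir_iif is filled in further down the function (outside this hunk), a security module that consults the incoming interface would read it unset, so it is worth confirming that no hook depends on it or moving the call below that assignment. If the ordering is intended, a comment such as `/* ir_iif is not set yet; the LSM hook must not rely on it. */` would make that explicit. The same question applies to cookie_v6_check in net/ipv6/syncookies.c, where neither ir_mark nor ir_iif is visibly set before the hook.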

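--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -181,14 +181,15 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
 treq = tcp_rsk(req);
 treq->tfo_listener = false;
 
-if (security_inet_conn_request(sk, skb, req))
-goto out_free;
-
 req->mss = mss;
 ireq->ir_rmt_port = th->source;
 ireq->ir_num = ntohs(th->dest);
 ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
 ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
+
+if (security_inet_conn_request(sk, skb, req))
+goto out_free;
+
 if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) ||
 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
 np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {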
