diff options
| author | Eric Dumazet <[email protected]> | 2024-01-11 19:49:14 +0000 |
|---|---|---|
| committer | Jakub Kicinski <[email protected]> | 2024-01-12 18:14:21 -0800 |
| commit | c1665273bdc7c201766c65e561c06711f2e050dc (patch) | |
| tree | 9463afde128bccc59ec863f1fa942c326271d62b | |
| parent | 89e23277f9c16df6f9f9c1a1a07f8f132339c15c (diff) | |
mptcp: strict validation before using mp_opt->hmac
mp_opt->hmac contains uninitialized data unless OPTION_MPTCP_MPJ_ACK
was set in mptcp_parse_option().
We must refine the condition before we call subflow_hmac_valid().
Fixes: f296234c98a8 ("mptcp: Add handling of incoming MP_JOIN requests")
Signed-off-by: Eric Dumazet <[email protected]>
Cc: Florian Westphal <[email protected]>
Cc: Peter Krystad <[email protected]>
Cc: Matthieu Baerts <[email protected]>
Cc: Mat Martineau <[email protected]>
Cc: Geliang Tang <[email protected]>
Reviewed-by: Simon Horman <[email protected]>
Acked-by: Paolo Abeni <[email protected]>
Reviewed-by: Mat Martineau <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
| -rw-r--r-- | net/mptcp/subflow.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 3eacd04e7099..bb05477006a6 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -788,7 +788,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, } else if (subflow_req->mp_join) { mptcp_get_options(skb, &mp_opt); - if (!(mp_opt.suboptions & OPTIONS_MPTCP_MPJ) || + if (!(mp_opt.suboptions & OPTION_MPTCP_MPJ_ACK) || !subflow_hmac_valid(req, &mp_opt) || !mptcp_can_accept_new_subflow(subflow_req->msk)) { SUBFLOW_REQ_INC_STATS(req, MPTCP_MIB_JOINACKMAC); |