]> www.infradead.org Git - users/willy/pagecache.git/commitdiff
projects / users / willy / pagecache.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 74382ae)
net/tcp_ao: Don't leak ao_info on error-path
authorDmitry Safonov <0x7f454c46@gmail.com>
Wed, 19 Jun 2024 00:29:04 +0000 (01:29 +0100)
committerJakub Kicinski <kuba@kernel.org>
Thu, 20 Jun 2024 00:30:19 +0000 (17:30 -0700)
It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on
version 5 [1] of TCP-AO patches. Quite frustrative that having all these
selftests that I've written, running kmemtest & kcov was always in todo.

[1]: https://lore.kernel.org/netdev/20230215183335.800122-5-dima@arista.com/

Reported-by: Jakub Kicinski <kuba@kernel.org>
Closes: https://lore.kernel.org/netdev/20240617072451.1403e1d2@kernel.org/
Fixes: 0aadc73995d0 ("net/tcp: Prevent TCP-MD5 with TCP-AO being set")
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Safonov <0x7f454c46@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20240619-tcp-ao-required-leak-v1-1-6408f3c94247@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/ipv4/tcp_ao.c patch | blob | history

diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c
index 37c42b63ff993466b52c5eea7270312149ca913b..09c0fa6756b7d5c0fc702c1a8bf48d1ebd2bdd92 100644 (file)
--- a/net/ipv4/tcp_ao.c
+++ b/net/ipv4/tcp_ao.c
@@ -1968,8 +1968,10 @@ static int tcp_ao_info_cmd(struct sock *sk, unsigned short int family,
                first = true;
        }
 
-       if (cmd.ao_required && tcp_ao_required_verify(sk))
-               return -EKEYREJECTED;
+       if (cmd.ao_required && tcp_ao_required_verify(sk)) {
+               err = -EKEYREJECTED;
+               goto out;
+       }
 
        /* For sockets in TCP_CLOSED it's possible set keys that aren't
         * matching the future peer (address/port/VRF/etc),
Unnamed repository; edit this file 'description' to name the repository.