Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0382a25a authored by Guillaume Nault's avatar Guillaume Nault Committed by David S. Miller
Browse files

l2tp: lock socket before checking flags in connect() 



Socket flags aren't updated atomically, so the socket must be locked
while reading the SOCK_ZAPPED flag.

This issue exists for both l2tp_ip and l2tp_ip6. For IPv6, this patch
also brings error handling for __ip6_datagram_connect() failures.

Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent bb83d62f

include/net/ipv6.h

+2 −0
Original line number Diff line number Diff line
@@ -970,6 +970,8 @@ int compat_ipv6_setsockopt(struct sock *sk, int level, int optname, 
int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,

			   char __user *optval, int __user *optlen);



int __ip6_datagram_connect(struct sock *sk, struct sockaddr *addr,

			   int addr_len);

int ip6_datagram_connect(struct sock *sk, struct sockaddr *addr, int addr_len);

int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *addr,

				 int addr_len);

net/ipv6/datagram.c

+3 −1
Original line number Diff line number Diff line
@@ -139,7 +139,8 @@ void ip6_datagram_release_cb(struct sock *sk) 
}

EXPORT_SYMBOL_GPL(ip6_datagram_release_cb);



static int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)

int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr,

			   int addr_len)

{

	struct sockaddr_in6	*usin = (struct sockaddr_in6 *) uaddr;

	struct inet_sock	*inet = inet_sk(sk);
@@ -252,6 +253,7 @@ static int __ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int a 
out:

	return err;

}

EXPORT_SYMBOL_GPL(__ip6_datagram_connect);



int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)

{

net/l2tp/l2tp_ip.c

+12 −7
Original line number Diff line number Diff line
@@ -308,21 +308,24 @@ static int l2tp_ip_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len 
	struct sockaddr_l2tpip *lsa = (struct sockaddr_l2tpip *) uaddr;

	int rc;



	if (sock_flag(sk, SOCK_ZAPPED)) /* Must bind first - autobinding does not work */

		return -EINVAL;



	if (addr_len < sizeof(*lsa))

		return -EINVAL;



	if (ipv4_is_multicast(lsa->l2tp_addr.s_addr))

		return -EINVAL;



	rc = ip4_datagram_connect(sk, uaddr, addr_len);

	if (rc < 0)

		return rc;



	lock_sock(sk);



	/* Must bind first - autobinding does not work */

	if (sock_flag(sk, SOCK_ZAPPED)) {

		rc = -EINVAL;

		goto out_sk;

	}



	rc = __ip4_datagram_connect(sk, uaddr, addr_len);

	if (rc < 0)

		goto out_sk;



	l2tp_ip_sk(sk)->peer_conn_id = lsa->l2tp_conn_id;



	write_lock_bh(&l2tp_ip_lock);
@@ -330,7 +333,9 @@ static int l2tp_ip_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len 
	sk_add_bind_node(sk, &l2tp_ip_bind_table);

	write_unlock_bh(&l2tp_ip_lock);



out_sk:

	release_sock(sk);



	return rc;

}

net/l2tp/l2tp_ip6.c

+11 −5
Original line number Diff line number Diff line
@@ -371,9 +371,6 @@ static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr, 
	int	addr_type;

	int rc;



	if (sock_flag(sk, SOCK_ZAPPED)) /* Must bind first - autobinding does not work */

		return -EINVAL;



	if (addr_len < sizeof(*lsa))

		return -EINVAL;
@@ -390,10 +387,18 @@ static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr, 
			return -EINVAL;

	}



	rc = ip6_datagram_connect(sk, uaddr, addr_len);



	lock_sock(sk);



	 /* Must bind first - autobinding does not work */

	if (sock_flag(sk, SOCK_ZAPPED)) {

		rc = -EINVAL;

		goto out_sk;

	}



	rc = __ip6_datagram_connect(sk, uaddr, addr_len);

	if (rc < 0)

		goto out_sk;



	l2tp_ip6_sk(sk)->peer_conn_id = lsa->l2tp_conn_id;



	write_lock_bh(&l2tp_ip6_lock);
@@ -401,6 +406,7 @@ static int l2tp_ip6_connect(struct sock *sk, struct sockaddr *uaddr, 
	sk_add_bind_node(sk, &l2tp_ip6_bind_table);

	write_unlock_bh(&l2tp_ip6_lock);



out_sk:

	release_sock(sk);



	return rc;