Merge branch 'dccp-tcp-relocate-security_inet_conn_request'

Kuniyuki Iwashima says: ==================== dccp/tcp: Relocate security_inet_conn_request(). security_inet_conn_request() reads reqsk's remote address, but it's not initialised in some places. Let's make sure the address is set before security_inet_conn_request(). ==================== Link: https://lore.kernel.org/r/20231030201042.32885-1-kuniyu@amazon.comSigned-off-by: Paolo Abeni <pabeni@redhat.com>

Merge branch 'dccp-tcp-relocate-security_inet_conn_request'
Kuniyuki Iwashima says: ==================== dccp/tcp: Relocate security_inet_conn_request(). security_inet_conn_request() reads reqsk's remote address, but it's not initialised in some places. Let's make sure the address is set before security_inet_conn_request(). ==================== Link: https://lore.kernel.org/r/20231030201042.32885-1-kuniyu@amazon.comSigned-off-by: Paolo Abeni <pabeni@redhat.com>
ff2c051f · Paolo Abeni · a1602d74 · 23be1e0e · ff2c051f · ff2c051f
Commit ff2c051f authored Nov 02, 2023 by Paolo Abeni
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 9 deletions

net/dccp/ipv4.c net/dccp/ipv4.c +3 -3

net/dccp/ipv6.c net/dccp/ipv6.c +3 -3

net/ipv6/syncookies.c net/ipv6/syncookies.c +4 -3

No files found.
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -629,9 +629,6 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
 	if (dccp_parse_options(sk, dreq, skb))
 		goto drop_and_free;
-	if (security_inet_conn_request(sk, skb, req))
-		goto drop_and_free;
 	ireq = inet_rsk(req);
 	sk_rcv_saddr_set(req_to_sk(req), ip_hdr(skb)->daddr);
 	sk_daddr_set(req_to_sk(req), ip_hdr(skb)->saddr);
@@ -639,6 +636,9 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
 	ireq->ireq_family = AF_INET;
 	ireq->ir_iif = READ_ONCE(sk->sk_bound_dev_if);
+	if (security_inet_conn_request(sk, skb, req))
+		goto drop_and_free;
 	/*
 	 * Step 3: Process LISTEN state
 	 *

--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -360,15 +360,15 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
 	if (dccp_parse_options(sk, dreq, skb))
 		goto drop_and_free;
-	if (security_inet_conn_request(sk, skb, req))
-		goto drop_and_free;
 	ireq = inet_rsk(req);
 	ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
 	ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
 	ireq->ireq_family = AF_INET6;
 	ireq->ir_mark = inet_request_mark(sk, skb);
+	if (security_inet_conn_request(sk, skb, req))
+		goto drop_and_free;
 	if (ipv6_opt_accepted(sk, skb, IP6CB(skb)) ||
 	    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
 	    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {

--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -181,14 +181,15 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
 	treq = tcp_rsk(req);
 	treq->tfo_listener = false;
-	if (security_inet_conn_request(sk, skb, req))
-		goto out_free;
 	req->mss = mss;
 	ireq->ir_rmt_port = th->source;
 	ireq->ir_num = ntohs(th->dest);
 	ireq->ir_v6_rmt_addr = ipv6_hdr(skb)->saddr;
 	ireq->ir_v6_loc_addr = ipv6_hdr(skb)->daddr;
+	if (security_inet_conn_request(sk, skb, req))
+		goto out_free;
 	if (ipv6_opt_accepted(sk, skb, &TCP_SKB_CB(skb)->header.h6) ||
 	    np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
 	    np->rxopt.bits.rxhlim || np->rxopt.bits.rxohlim) {