[TCP/IPV4]: Fix tcp_tw_bucket accessed as a sock in tcp_bind_conflict().

d8c3d545 · Arnaldo Carvalho de Melo · David S. Miller · fc32c4d8 · d8c3d545
Commit d8c3d545 authored Oct 15, 2003 by Arnaldo Carvalho de Melo Committed by David S. Miller Oct 15, 2003
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 4 deletions

net/ipv4/tcp_ipv4.c net/ipv4/tcp_ipv4.c +10 -4

No files found.
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -178,9 +178,15 @@ void tcp_bind_hash(struct sock *sk, struct tcp_bind_bucket *tb,
 	tcp_sk(sk)->bind_hash = tb;
 }
+static inline const u32 tcp_v4_rcv_saddr(const struct sock *sk)
+{
+	return likely(sk->sk_state != TCP_TIME_WAIT) ?
+		inet_sk(sk)->rcv_saddr : tcptw_sk(sk)->tw_rcv_saddr;
+}
 static inline int tcp_bind_conflict(struct sock *sk, struct tcp_bind_bucket *tb)
 {
-	struct inet_opt *inet = inet_sk(sk);
+	const u32 sk_rcv_saddr = tcp_v4_rcv_saddr(sk);
 	struct sock *sk2;
 	struct hlist_node *node;
 	int reuse = sk->sk_reuse;
@@ -193,9 +199,9 @@ static inline int tcp_bind_conflict(struct sock *sk, struct tcp_bind_bucket *tb)
 		     sk->sk_bound_dev_if == sk2->sk_bound_dev_if)) {
 			if (!reuse || !sk2->sk_reuse ||
 			    sk2->sk_state == TCP_LISTEN) {
-				struct inet_opt *inet2 = inet_sk(sk2);
+				const u32 sk2_rcv_saddr = tcp_v4_rcv_saddr(sk2);
-				if (!inet2->rcv_saddr || !inet->rcv_saddr ||
+				if (!sk2_rcv_saddr || !sk_rcv_saddr ||
-				    inet2->rcv_saddr == inet->rcv_saddr)
+				    sk2_rcv_saddr == sk_rcv_saddr)
 					break;
 			}
 		}