Commit 89e23277 authored by Eric Dumazet's avatar Eric Dumazet Committed by Jakub Kicinski

mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN

mptcp_parse_option() currently sets OPTIONS_MPTCP_MPJ, for the three
possible cases handled for MPTCPOPT_MP_JOIN option.

OPTIONS_MPTCP_MPJ is the combination of three flags:
- OPTION_MPTCP_MPJ_SYN
- OPTION_MPTCP_MPJ_SYNACK
- OPTION_MPTCP_MPJ_ACK

This is a problem, because backup, join_id, token, nonce and/or hmac fields
could be left uninitialized in some cases.

Distinguish the three cases, as following patches will need this step.

Fixes: f296234c ("mptcp: Add handling of incoming MP_JOIN requests")
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Peter Krystad <peter.krystad@linux.intel.com>
Cc: Matthieu Baerts <matttbe@kernel.org>
Cc: Mat Martineau <martineau@kernel.org>
Cc: Geliang Tang <geliang.tang@linux.dev>
Reviewed-by: default avatarSimon Horman <horms@kernel.org>
Acked-by: default avatarPaolo Abeni <pabeni@redhat.com>
Reviewed-by: default avatarMat Martineau <martineau@kernel.org>
Link: https://lore.kernel.org/r/20240111194917.4044654-2-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent cbdd50ec
...@@ -123,8 +123,8 @@ static void mptcp_parse_option(const struct sk_buff *skb, ...@@ -123,8 +123,8 @@ static void mptcp_parse_option(const struct sk_buff *skb,
break; break;
case MPTCPOPT_MP_JOIN: case MPTCPOPT_MP_JOIN:
mp_opt->suboptions |= OPTIONS_MPTCP_MPJ;
if (opsize == TCPOLEN_MPTCP_MPJ_SYN) { if (opsize == TCPOLEN_MPTCP_MPJ_SYN) {
mp_opt->suboptions |= OPTION_MPTCP_MPJ_SYN;
mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP; mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP;
mp_opt->join_id = *ptr++; mp_opt->join_id = *ptr++;
mp_opt->token = get_unaligned_be32(ptr); mp_opt->token = get_unaligned_be32(ptr);
...@@ -135,6 +135,7 @@ static void mptcp_parse_option(const struct sk_buff *skb, ...@@ -135,6 +135,7 @@ static void mptcp_parse_option(const struct sk_buff *skb,
mp_opt->backup, mp_opt->join_id, mp_opt->backup, mp_opt->join_id,
mp_opt->token, mp_opt->nonce); mp_opt->token, mp_opt->nonce);
} else if (opsize == TCPOLEN_MPTCP_MPJ_SYNACK) { } else if (opsize == TCPOLEN_MPTCP_MPJ_SYNACK) {
mp_opt->suboptions |= OPTION_MPTCP_MPJ_SYNACK;
mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP; mp_opt->backup = *ptr++ & MPTCPOPT_BACKUP;
mp_opt->join_id = *ptr++; mp_opt->join_id = *ptr++;
mp_opt->thmac = get_unaligned_be64(ptr); mp_opt->thmac = get_unaligned_be64(ptr);
...@@ -145,11 +146,10 @@ static void mptcp_parse_option(const struct sk_buff *skb, ...@@ -145,11 +146,10 @@ static void mptcp_parse_option(const struct sk_buff *skb,
mp_opt->backup, mp_opt->join_id, mp_opt->backup, mp_opt->join_id,
mp_opt->thmac, mp_opt->nonce); mp_opt->thmac, mp_opt->nonce);
} else if (opsize == TCPOLEN_MPTCP_MPJ_ACK) { } else if (opsize == TCPOLEN_MPTCP_MPJ_ACK) {
mp_opt->suboptions |= OPTION_MPTCP_MPJ_ACK;
ptr += 2; ptr += 2;
memcpy(mp_opt->hmac, ptr, MPTCPOPT_HMAC_LEN); memcpy(mp_opt->hmac, ptr, MPTCPOPT_HMAC_LEN);
pr_debug("MP_JOIN hmac"); pr_debug("MP_JOIN hmac");
} else {
mp_opt->suboptions &= ~OPTIONS_MPTCP_MPJ;
} }
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment