Skip to content

Commit 1e306ec

Browse files
edumazetdavem330
edumazet
authored and
davem330
committed
tcp: fix possible sk_priority leak in tcp_v4_send_reset()
When tcp_v4_send_reset() is called with @sk == NULL, we do not change ctl_sk->sk_priority, which could have been set from a prior invocation. Change tcp_v4_send_reset() to set sk_priority and sk_mark fields before calling ip_send_unicast_reply(). This means tcp_v4_send_reset() and tcp_v4_send_ack() no longer have to clear ctl_sk->sk_mark after their call to ip_send_unicast_reply(). Fixes: f6c0f5d ("tcp: honor SO_PRIORITY in TIME_WAIT state") Signed-off-by: Eric Dumazet <[email protected]> Cc: Antoine Tenart <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent 6d4486e commit 1e306ec

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

net/ipv4/tcp_ipv4.c

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -829,14 +829,16 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb)
829829
inet_twsk(sk)->tw_priority : sk->sk_priority;
830830
transmit_time = tcp_transmit_time(sk);
831831
xfrm_sk_clone_policy(ctl_sk, sk);
832+
} else {
833+
ctl_sk->sk_mark = 0;
834+
ctl_sk->sk_priority = 0;
832835
}
833836
ip_send_unicast_reply(ctl_sk,
834837
skb, &TCP_SKB_CB(skb)->header.h4.opt,
835838
ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
836839
&arg, arg.iov[0].iov_len,
837840
transmit_time);
838841

839-
ctl_sk->sk_mark = 0;
840842
xfrm_sk_free_policy(ctl_sk);
841843
sock_net_set(ctl_sk, &init_net);
842844
__TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
@@ -935,7 +937,6 @@ static void tcp_v4_send_ack(const struct sock *sk,
935937
&arg, arg.iov[0].iov_len,
936938
transmit_time);
937939

938-
ctl_sk->sk_mark = 0;
939940
sock_net_set(ctl_sk, &init_net);
940941
__TCP_INC_STATS(net, TCP_MIB_OUTSEGS);
941942
local_bh_enable();

0 commit comments

Comments
 (0)