[net] net/tcp_ao: Don't leak ao_info on error-path

Commit Message

Dmitry Safonov via B4 Relay June 19, 2024, 12:29 a.m. UTC

From: Dmitry Safonov <0x7f454c46@gmail.com>

It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on
version 5 [1] of TCP-AO patches. Quite frustrative that having all these
selftests that I've written, running kmemtest & kcov was always in todo.

[1]: https://lore.kernel.org/netdev/20230215183335.800122-5-dima@arista.com/

Reported-by: Jakub Kicinski <kuba@kernel.org>
Closes: https://lore.kernel.org/netdev/20240617072451.1403e1d2@kernel.org/
Fixes: 0aadc73995d0 ("net/tcp: Prevent TCP-MD5 with TCP-AO being set")
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Safonov <0x7f454c46@gmail.com>
---
 net/ipv4/tcp_ao.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)


---
base-commit: 92e5605a199efbaee59fb19e15d6cc2103a04ec2
change-id: 20240619-tcp-ao-required-leak-22b4a9b6d743

Best regards,

Comments

Eric Dumazet June 19, 2024, 3:19 p.m. UTC | #1

On Wed, Jun 19, 2024 at 2:29 AM Dmitry Safonov via B4 Relay
<devnull+0x7f454c46.gmail.com@kernel.org> wrote:
>
> From: Dmitry Safonov <0x7f454c46@gmail.com>
>
> It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on
> version 5 [1] of TCP-AO patches. Quite frustrative that having all these
> selftests that I've written, running kmemtest & kcov was always in todo.
>
> [1]: https://lore.kernel.org/netdev/20230215183335.800122-5-dima@arista.com/
>
> Reported-by: Jakub Kicinski <kuba@kernel.org>
> Closes: https://lore.kernel.org/netdev/20240617072451.1403e1d2@kernel.org/
> Fixes: 0aadc73995d0 ("net/tcp: Prevent TCP-MD5 with TCP-AO being set")
> Cc: stable@vger.kernel.org
> Signed-off-by: Dmitry Safonov <0x7f454c46@gmail.com>

Reviewed-by: Eric Dumazet <edumazet@google.com>

patchwork-bot+netdevbpf@kernel.org June 20, 2024, 12:40 a.m. UTC | #2

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Wed, 19 Jun 2024 01:29:04 +0100 you wrote:
> From: Dmitry Safonov <0x7f454c46@gmail.com>
> 
> It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on
> version 5 [1] of TCP-AO patches. Quite frustrative that having all these
> selftests that I've written, running kmemtest & kcov was always in todo.
> 
> [1]: https://lore.kernel.org/netdev/20230215183335.800122-5-dima@arista.com/
> 
> [...]

Here is the summary with links:
  - [net] net/tcp_ao: Don't leak ao_info on error-path
    https://git.kernel.org/netdev/net/c/f9ae84890428

You are awesome, thank you!

Patch

diff --git a/net/ipv4/tcp_ao.c b/net/ipv4/tcp_ao.c
index 37c42b63ff99..09c0fa6756b7 100644
--- a/net/ipv4/tcp_ao.c
+++ b/net/ipv4/tcp_ao.c
@@ -1968,8 +1968,10 @@  static int tcp_ao_info_cmd(struct sock *sk, unsigned short int family,
 		first = true;
 	}
 
-	if (cmd.ao_required && tcp_ao_required_verify(sk))
-		return -EKEYREJECTED;
+	if (cmd.ao_required && tcp_ao_required_verify(sk)) {
+		err = -EKEYREJECTED;
+		goto out;
+	}
 
 	/* For sockets in TCP_CLOSED it's possible set keys that aren't
 	 * matching the future peer (address/port/VRF/etc),