• P
    mptcp: fix NULL ptr dereference in MP_JOIN error path · 39884604
    Paolo Abeni 提交于
    When token lookup on MP_JOIN 3rd ack fails, the server
    socket closes with a reset the incoming child. Such socket
    has the 'is_mptcp' flag set, but no msk socket associated
    - due to the failed lookup.
    
    While crafting the reset packet mptcp_established_options_mp()
    will try to dereference the child's master socket, causing
    a NULL ptr dereference.
    
    This change addresses the issue with explicit fallback to
    TCP in such error path.
    
    Fixes: 729cd643 ("mptcp: cope better with MP_JOIN failure")
    Signed-off-by: NPaolo Abeni <pabeni@redhat.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    39884604
subflow.c 33.8 KB