tcp: fix syn cookied MPTCP request socket leak

If a syn-cookies request socket don't pass MPTCP-level validation done in syn_recv_sock(), we need to release it immediately, or it will be leaked. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/89 Fixes: 9466a1cc ("mptcp: enable JOIN requests even if cookies are in use") Reported-and-tested-by: N Geliang Tang <geliangtang@gmail.com> Reviewed-by: N Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: N Paolo Abeni <pabeni@redhat.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

tcp: fix syn cookied MPTCP request socket leak
If a syn-cookies request socket don't pass MPTCP-level validation done in syn_recv_sock(), we need to release it immediately, or it will be leaked. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/89 Fixes: 9466a1cc ("mptcp: enable JOIN requests even if cookies are in use") Reported-and-tested-by: N Geliang Tang <geliangtang@gmail.com> Reviewed-by: N Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: N Paolo Abeni <pabeni@redhat.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
9d8c05ad · Paolo Abeni · David S. Miller · e7d4005d · 9d8c05ad
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

net/ipv4/syncookies.c net/ipv4/syncookies.c +1 -1

未找到文件。
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -214,7 +214,7 @@ struct sock *tcp_get_cookie_sock(struct sock *sk, struct sk_buff *skb,
 		sock_rps_save_rxhash(child, skb);

 		if (rsk_drop_req(req)) {
-			refcount_set(&req->rsk_refcnt, 2);
+			reqsk_put(req);
 			return child;
 		}