| From a7a849978ccfb72f619c093d1f827209469eb749 Mon Sep 17 00:00:00 2001 |
| From: John Haxby <john.haxby@oracle.com> |
| Date: Sat, 18 Apr 2020 16:30:49 +0100 |
| Subject: [PATCH] ipv6: fix restrict IPV6_ADDRFORM operation |
| |
| commit 82c9ae440857840c56e05d4fb1427ee032531346 upstream. |
| |
| Commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation") fixed a |
| problem found by syzbot an unfortunate logic error meant that it |
| also broke IPV6_ADDRFORM. |
| |
| Rearrange the checks so that the earlier test is just one of the series |
| of checks made before moving the socket from IPv6 to IPv4. |
| |
| Fixes: b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation") |
| Signed-off-by: John Haxby <john.haxby@oracle.com> |
| Cc: stable@vger.kernel.org |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c |
| index aa94c015e20b..015d3210c8b7 100644 |
| --- a/net/ipv6/ipv6_sockglue.c |
| +++ b/net/ipv6/ipv6_sockglue.c |
| @@ -183,15 +183,14 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, |
| retv = -EBUSY; |
| break; |
| } |
| - } else if (sk->sk_protocol == IPPROTO_TCP) { |
| - if (sk->sk_prot != &tcpv6_prot) { |
| - retv = -EBUSY; |
| - break; |
| - } |
| - break; |
| - } else { |
| + } |
| + if (sk->sk_protocol == IPPROTO_TCP && |
| + sk->sk_prot != &tcpv6_prot) { |
| + retv = -EBUSY; |
| break; |
| } |
| + if (sk->sk_protocol != IPPROTO_TCP) |
| + break; |
| if (sk->sk_state != TCP_ESTABLISHED) { |
| retv = -ENOTCONN; |
| break; |
| -- |
| 2.7.4 |
| |
