Message ID | 20190425160654.211972-1-willemdebruijn.kernel@gmail.com |
---|---|
State | Accepted |
Delegated to: | David Miller |
Headers | show |
Series | [net] ipv6: invert flowlabel sharing check in process and user mode | expand |
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com> Date: Thu, 25 Apr 2019 12:06:54 -0400 > From: Willem de Bruijn <willemb@google.com> > > A request for a flowlabel fails in process or user exclusive mode must > fail if the caller pid or uid does not match. Invert the test. > > Previously, the test was unsafe wrt PID recycling, but indeed tested > for inequality: fl1->owner != fl->owner > > Fixes: 4f82f45730c68 ("net ip6 flowlabel: Make owner a union of struct pid* and kuid_t") > Signed-off-by: Willem de Bruijn <willemb@google.com> Applied and queued up for -stable, thanks Willem.
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index cb54a8a3c2735..a05036bc808d5 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c @@ -633,9 +633,9 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen) if (fl1->share == IPV6_FL_S_EXCL || fl1->share != fl->share || ((fl1->share == IPV6_FL_S_PROCESS) && - (fl1->owner.pid == fl->owner.pid)) || + (fl1->owner.pid != fl->owner.pid)) || ((fl1->share == IPV6_FL_S_USER) && - uid_eq(fl1->owner.uid, fl->owner.uid))) + !uid_eq(fl1->owner.uid, fl->owner.uid))) goto release; err = -ENOMEM;