Skip to content

Commit

Permalink
ipv6: invert flowlabel sharing check in process and user mode
Browse files Browse the repository at this point in the history 
A request for a flowlabel fails in process or user exclusive mode must
fail if the caller pid or uid does not match. Invert the test.

Previously, the test was unsafe wrt PID recycling, but indeed tested
for inequality: fl1->owner != fl->owner

Fixes: 4f82f45 ("net ip6 flowlabel: Make owner a union of struct pid* and kuid_t")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Willem de Bruijn authored and David S. Miller committed Apr 29, 2019
1 parent 6ee12b7 commit 95c1692
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions net/ipv6/ip6_flowlabel.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -633,9 +633,9 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
if (fl1->share == IPV6_FL_S_EXCL ||
fl1->share != fl->share ||
((fl1->share == IPV6_FL_S_PROCESS) &&
(fl1->owner.pid == fl->owner.pid)) ||
(fl1->owner.pid != fl->owner.pid)) ||
((fl1->share == IPV6_FL_S_USER) &&
uid_eq(fl1->owner.uid, fl->owner.uid)))
!uid_eq(fl1->owner.uid, fl->owner.uid)))
goto release;

err = -ENOMEM;
Expand Down

0 comments on commit 95c1692

Please sign in to comment.