git: de0a2eb2ef86 - main - tcp: Disallow connecting a disconnected socket

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Fri, 23 Jun 2023 15:09:56 UTC

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=de0a2eb2ef86f6c41157529b827da06f47190e8c

commit de0a2eb2ef86f6c41157529b827da06f47190e8c
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2023-06-23 13:59:52 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2023-06-23 14:00:52 +0000

    tcp: Disallow connecting a disconnected socket
    
    Currently nothing prevents tcp_usr_connect() from attempting to connect
    when the socket has been disconnected.  At the moment, doing so triggers
    an assertion in in_pcbconnect() because inp_faddr is not unspecified.  I
    believe this may have been caught in the past by TIMEWAIT checks, but
    those are now removed.
    
    Check for additional socket states in tcp_connect().
    
    Reported by:    syzbot+f0f7871ec5397602b446@syzkaller.appspotmail.com
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D40579
---
 sys/netinet/tcp_usrreq.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index 629b47f04142..cd2263245b56 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -1464,7 +1464,8 @@ tcp_connect(struct tcpcb *tp, struct sockaddr_in *sin, struct thread *td)
 	INP_WLOCK_ASSERT(inp);
 
 	if (__predict_false((so->so_state &
-	    (SS_ISCONNECTING | SS_ISCONNECTED)) != 0))
+	    (SS_ISCONNECTING | SS_ISCONNECTED | SS_ISDISCONNECTING |
+	    SS_ISDISCONNECTED)) != 0))
 		return (EISCONN);
 
 	INP_HASH_WLOCK(&V_tcbinfo);
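
Review bot: the widened mask in the `so_state` test still falls through to `return (EISCONN);`, so a connect attempt on a socket in SS_ISDISCONNECTING or SS_ISDISCONNECTED is reported to the caller as "already connected", which does not describe the actual state. Either add a short comment above the check explaining why EISCONN is kept for the two new flags, or split them into a separate test with a more accurate errno. The diffstat shows this hunk as the only change, so if the IPv6 connect path carries the same two-flag test it needs the same mask, and no regression test for the syzbot-reported case accompanies the fix.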