GuillaumeHemmen/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2024-11-01 13:03:25 +01:00
Code Issues Projects Releases Packages Wiki Activity

l2tp: handle hash key collisions in l2tp_v3_session_get

Browse source 
To handle colliding l2tpv3 session IDs, l2tp_v3_session_get searches a
hashed list keyed by ID and sk. Although unlikely, if hash keys
collide, it is possible that hash_for_each_possible loops over a
session which doesn't have the ID that we are searching for. So check
for session ID match when looping over possible hash key matches.

Signed-off-by: James Chapman <jchapman@katalix.com>
Signed-off-by: Tom Parkin <tparkin@katalix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
James Chapman 2024-08-07 07:54:47 +01:00 committed by David S. Miller
parent ebed6606b9
commit b0a8deda06
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
net/l2tp/l2tp_core.c
View file

@ -291,7 +291,8 @@ struct l2tp_session *l2tp_v3_session_get(const struct net *net, struct sock *sk,
*/
struct l2tp_tunnel *tunnel = READ_ONCE(session->tunnel);
if (tunnel && tunnel->sock == sk &&
if (session->session_id == session_id &&
tunnel && tunnel->sock == sk &&
refcount_inc_not_zero(&session->ref_count)) {
rcu_read_unlock_bh();
return session;