Date:      Thu, 31 Oct 2024 13:55:26 GMT
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 2f5ac48d9b6d - stable/14 - tcp: improve MAC error handling for SYN segments
Message-ID:  <202410311355.49VDtQxf028405@gitrepo.freebsd.org>

The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=2f5ac48d9b6d7bd8928604f8259c48ad4246e7ae

commit 2f5ac48d9b6d7bd8928604f8259c48ad4246e7ae
Author:     Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-09-26 06:10:01 +0000
Commit:     Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-10-31 11:33:35 +0000

    tcp: improve MAC error handling for SYN segments
    
    Don't leak a maclabel when SYN segments are processed which results
    in an error due to MD5 signature handling.
    Tweak the #ifdef MAC to allow additional upcoming changes.
    
    Reviewed by:            markj
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D46766
    
    (cherry picked from commit 78e1b031d2e8ef0e1cbc8874891f5476dc7868bc)
---
 sys/netinet/tcp_syncache.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index b6318ec23556..fa64d2d79c3b 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1382,7 +1382,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 	int autoflowlabel = 0;
 #endif
 #ifdef MAC
-	struct label *maclabel;
+	struct label *maclabel = NULL;
 #endif
 	struct syncache scs;
 	struct ucred *cred;
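Review bot: The new `= NULL` initializer on `maclabel` is load-bearing but undocumented: the exit path in the later hunk now calls `mac_syncache_destroy(&maclabel)` when `sc == NULL`, which can be reached before any label has been allocated. Please confirm that `mac_syncache_destroy()` is a no-op for a NULL label, and consider a short comment at the declaration saying that NULL means "no label allocated yet", so a later cleanup does not drop the initializer as redundant.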
@@ -1773,10 +1773,11 @@ donenoprobe:
 tfo_expanded:
 	if (cred != NULL)
 		crfree(cred);
+	if (sc == NULL || sc == &scs) {
 #ifdef MAC
-	if (sc == &scs)
 		mac_syncache_destroy(&maclabel);
 #endif
+	}
 	return (rv);
 }
 
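Review bot: With the `#ifdef MAC` moved inside the braces, `if (sc == NULL || sc == &scs) { }` compiles to an empty block on kernels built without MAC. The commit message says this is groundwork for upcoming changes, so a one-line comment above the `if` stating that would keep the empty body from looking like a mistake. On the logic, widening the condition from `sc == &scs` to also cover `sc == NULL` is what fixes the leak, but it also means every exit that arrives here with `sc == NULL` now destroys the label. Please check that none of those exits has already released `maclabel` or handed it to a syncache entry, unless `mac_syncache_destroy()` clears the pointer it is given, since a second call would otherwise act on a stale label.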


