Date: Thu, 31 Oct 2024 13:55:26 GMT
Message-Id: <202410311355.49VDtQxf028405@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Michael Tuexen
Subject: git: 2f5ac48d9b6d - stable/14 - tcp: improve MAC error handling for SYN segments

The branch stable/14 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=2f5ac48d9b6d7bd8928604f8259c48ad4246e7ae

commit 2f5ac48d9b6d7bd8928604f8259c48ad4246e7ae
Author:     Michael Tuexen
AuthorDate: 2024-09-26 06:10:01 +0000
Commit:     Michael Tuexen
CommitDate: 2024-10-31 11:33:35 +0000

    tcp: improve MAC error handling for SYN segments

    Don't leak a maclabel when SYN segments are processed which results
    in an error due to MD5 signature handling.
    Tweak the #ifdef MAC to allow additional upcoming changes.

    Reviewed by:            markj
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D46766

    (cherry picked from commit 78e1b031d2e8ef0e1cbc8874891f5476dc7868bc)

--- sys/netinet/tcp_syncache.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index b6318ec23556..fa64d2d79c3b 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1382,7 +1382,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, int autoflowlabel = 0; #endif #ifdef MAC - struct label *maclabel; + struct label *maclabel = NULL; #endif struct syncache scs; struct ucred *cred; 
@@ -1773,10 +1773,11 @@ donenoprobe: tfo_expanded: if (cred != NULL) crfree(cred); + if (sc == NULL || sc == &scs) { #ifdef MAC - if (sc == &scs) mac_syncache_destroy(&maclabel); #endif + } return (rv); }
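Review bot: The new `= NULL` initializer on `maclabel` in the first hunk (syncache_add(), line 1382) has no comment explaining why it is required, and the reason is only visible in the second hunk, where the exit path now calls mac_syncache_destroy(&maclabel) whenever `sc == NULL || sc == &scs`. Any exit that reaches that call before the label has been set up passes whatever the variable holds, so the initializer is load-bearing. A short comment at the declaration saying that the common exit path destroys the label would keep a later cleanup from dropping it. It is also worth confirming that mac_syncache_destroy() accepts a pointer to a NULL label, since its body is not part of this diff.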
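Review bot: In the second hunk (cleanup after `crfree(cred)`, line 1773), the new `if (sc == NULL || sc == &scs) {` sits outside `#ifdef MAC`, so a kernel built without MAC compiles an if statement with an empty body. The commit message says this shape is for upcoming changes; until they land, a one-line comment inside the braces stating what the condition selects (as far as this hunk shows, the cases where sc is NULL or is the on-stack `scs`) would keep the empty block from reading as a mistake. The widening from `sc == &scs` to include `sc == NULL` is the actual leak fix and relies on the `maclabel = NULL` initializer from the first hunk, so the two changes should stay together in any further cherry-pick.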