diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2023-06-23 13:59:52 +0000 |
|---|---|---|
| committer | Mark Johnston <markj@FreeBSD.org> | 2023-06-23 14:00:52 +0000 |
| commit | de0a2eb2ef86f6c41157529b827da06f47190e8c (patch) | |
| tree | 8215f3f5066b0a796b29fb40a8674f0445008a50 | |
| parent | 6775ef4188b4d4c023e76ebd2b71fa8c2c7e7cd2 (diff) | |
| download | src-de0a2eb2ef86f6c41157529b827da06f47190e8c.tar.gz src-de0a2eb2ef86f6c41157529b827da06f47190e8c.zip | |
tcp: Disallow connecting a disconnected socket
Currently nothing prevents tcp_usr_connect() from attempting to connect
when the socket has been disconnected. At the moment, doing so triggers
an assertion in in_pcbconnect() because inp_faddr is not unspecified. I
believe this may have been caught in the past by TIMEWAIT checks, but
those are now removed.
Check for additional socket states in tcp_connect().
Reported by: syzbot+f0f7871ec5397602b446@syzkaller.appspotmail.com
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40579
| -rw-r--r-- | sys/netinet/tcp_usrreq.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c index 629b47f04142..cd2263245b56 100644 --- a/sys/netinet/tcp_usrreq.c +++ b/sys/netinet/tcp_usrreq.c @@ -1464,7 +1464,8 @@ tcp_connect(struct tcpcb *tp, struct sockaddr_in *sin, struct thread *td) INP_WLOCK_ASSERT(inp); if (__predict_false((so->so_state & - (SS_ISCONNECTING | SS_ISCONNECTED)) != 0)) + (SS_ISCONNECTING | SS_ISCONNECTED | SS_ISDISCONNECTING | + SS_ISDISCONNECTED)) != 0)) return (EISCONN); INP_HASH_WLOCK(&V_tcbinfo); |