From de0a2eb2ef86f6c41157529b827da06f47190e8c Mon Sep 17 00:00:00 2001
From: Mark Johnston
Date: Fri, 23 Jun 2023 09:59:52 -0400
Subject: tcp: Disallow connecting a disconnected socket Currently nothing prevents tcp_usr_connect() from attempting to connect when the socket has been disconnected. At the moment, doing so triggers an assertion in in_pcbconnect() because inp_faddr is not unspecified. I believe this may have been caught in the past by TIMEWAIT checks, but those are now removed. Check for additional socket states in tcp_connect(). Reported by: syzbot+f0f7871ec5397602b446@syzkaller.appspotmail.com Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D40579
---
 sys/netinet/tcp_usrreq.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index 629b47f04142..cd2263245b56 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -1464,7 +1464,8 @@ tcp_connect(struct tcpcb *tp, struct sockaddr_in *sin, struct thread *td)
 INP_WLOCK_ASSERT(inp);
 if (__predict_false((so->so_state &
- (SS_ISCONNECTING | SS_ISCONNECTED)) != 0))
+ (SS_ISCONNECTING | SS_ISCONNECTED | SS_ISDISCONNECTING |
+ SS_ISDISCONNECTED)) != 0))
 return (EISCONN);
 INP_HASH_WLOCK(&V_tcbinfo);
--
cgit v1.2.3
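Review bot: The widened state test in tcp_connect() now returns EISCONN for a socket that is disconnecting or already disconnected, and nothing at the check says why those states are rejected or why that errno was chosen. Since the reason lives only in the commit message, I would put it above the `if`, for example `/* A disconnected socket still has inp_faddr set, and in_pcbconnect() asserts that it is unspecified. */`. The path is reachable from an unprivileged connect() call (syzbot found it), so a regression test that connects, disconnects and then connects again on the same socket would keep the guard from being narrowed later. If the IPv6 connect path in this file carries the same two-flag test, it presumably needs the same mask; that code is not visible in this hunk. The body of tcp_connect() starts and ends outside the hunk.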