mirror of
https://github.com/torvalds/linux.git
synced 2024-11-12 23:23:03 +00:00
l2tp: handle hash key collisions in l2tp_v3_session_get
To handle colliding l2tpv3 session IDs, l2tp_v3_session_get searches a hashed list keyed by ID and sk. Although unlikely, if hash keys collide, it is possible that hash_for_each_possible loops over a session which doesn't have the ID that we are searching for. So check for session ID match when looping over possible hash key matches. Signed-off-by: James Chapman <jchapman@katalix.com> Signed-off-by: Tom Parkin <tparkin@katalix.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
ebed6606b9
commit
b0a8deda06
@ -291,7 +291,8 @@ struct l2tp_session *l2tp_v3_session_get(const struct net *net, struct sock *sk,
|
||||
*/
|
||||
struct l2tp_tunnel *tunnel = READ_ONCE(session->tunnel);
|
||||
|
||||
if (tunnel && tunnel->sock == sk &&
|
||||
if (session->session_id == session_id &&
|
||||
tunnel && tunnel->sock == sk &&
|
||||
refcount_inc_not_zero(&session->ref_count)) {
|
||||
rcu_read_unlock_bh();
|
||||
return session;
|
||||
|
Loading…
Reference in New Issue
Block a user