From: Paolo Abeni <pabeni@redhat.com>
Date: Thu, 30 Apr 2020 13:03:22 +0000 (+0200)
Subject: mptcp: fix uninitialized value access
X-Git-Tag: v5.7-rc5~30^2~58
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ac2b47fb92c50682d89d7350a491a6a392bac5dd;p=thirdparty%2Flinux.git

mptcp: fix uninitialized value access

tcp_v{4,6}_syn_recv_sock() set 'own_req' only when returning
a not NULL 'child', let's check 'own_req' only if child is
available to avoid an - unharmful - UBSAN splat.

v1 -> v2:
 - reference the correct hash

Fixes: 4c8941de781c ("mptcp: avoid flipping mp_capable field in syn_recv_sock()")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c
index bad9985297671..67a4e35d48384 100644
--- a/net/mptcp/subflow.c
+++ b/net/mptcp/subflow.c
@@ -523,7 +523,7 @@ out:
 	/* check for expected invariant - should never trigger, just help
 	 * catching eariler subtle bugs
 	 */
-	WARN_ON_ONCE(*own_req && child && tcp_sk(child)->is_mptcp &&
+	WARN_ON_ONCE(child && *own_req && tcp_sk(child)->is_mptcp &&
 		     (!mptcp_subflow_ctx(child) ||
 		      !mptcp_subflow_ctx(child)->conn));
 	return child;