mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2024-11-23 07:31:31 +00:00
Code Issues Releases Activity

tcp: improve MAC error handling for SYN segments

Browse Source 
Don't leak a maclabel when SYN segments are processed which results
in an error due to MD5 signature handling.
Tweak the #idef MAC to allow additional upcoming changes.

Reviewed by:		markj
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D46766
This commit is contained in:
Michael Tuexen 2024-09-26 08:10:01 +02:00
parent 2fb778fab8
commit 78e1b031d2
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sys/netinet/tcp_syncache.c
View File

@ -1372,7 +1372,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
int autoflowlabel = 0;
#endif
#ifdef MAC
struct label *maclabel;
struct label *maclabel = NULL;
#endif
struct syncache scs;
struct ucred *cred;
@ -1763,10 +1763,11 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
tfo_expanded:
if (cred != NULL)
crfree(cred);
if (sc == NULL || sc == &scs) {
#ifdef MAC
if (sc == &scs)
mac_syncache_destroy(&maclabel);
#endif
}
return (rv);
}