Paolo Abeni c5c79763fa mptcp: remove msk from the token container at destruction time. ... Currently we remote the msk from the token container only via mptcp_close(). The MPTCP master socket can be destroyed also via other paths (e.g. if not yet accepted, when shutting down the listener socket). When we hit the latter scenario, dangling msk references are left into the token container, leading to memory corruption and/or UaF. This change addresses the issue by moving the token removal into the msk destructor. Fixes: 79c0949e9a ("mptcp: Add key generation and token tree") Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2020-05-30 21:39:13 -07:00
..
crypto.c	mptcp: use untruncated hash in ADD_ADDR HMAC	2020-05-22 14:21:24 -07:00
ctrl.c	mptcp: new sysctl to control the activation per NS	2020-01-24 13:44:08 +01:00
diag.c	mptcp: allow dumping subflow context to userspace	2020-03-29 22:14:48 -07:00
Kconfig	mptcp: select CRYPTO	2020-02-16 19:37:16 -08:00
Makefile	mptcp: add netlink-based PM	2020-03-29 22:14:49 -07:00
mib.c	mptcp: add and use MIB counter infrastructure	2020-03-29 22:14:49 -07:00
mib.h	mptcp: add and use MIB counter infrastructure	2020-03-29 22:14:49 -07:00
options.c	mptcp: use untruncated hash in ADD_ADDR HMAC	2020-05-22 14:21:24 -07:00
pm_netlink.c	mptcp/pm_netlink.c : add check for nla_put_in/6_addr	2020-04-23 15:38:10 -07:00
pm.c	mptcp: add some missing pr_fmt defines	2020-04-03 16:06:32 -07:00
protocol.c	mptcp: remove msk from the token container at destruction time.	2020-05-30 21:39:13 -07:00
protocol.h	mptcp: use untruncated hash in ADD_ADDR HMAC	2020-05-22 14:21:24 -07:00
subflow.c	mptcp: use untruncated hash in ADD_ADDR HMAC	2020-05-22 14:21:24 -07:00
token.c	mptcp: fix "fn parameter not described" warnings	2020-04-02 06:59:21 -07:00