Date: Thu, 31 Oct 2024 16:49:53 GMT
Message-Id: <202410311649.49VGnr2R052778@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Michael Tuexen
Subject: git: cdd0ab2374a0 - stable/13 - tcp: improve MAC error handling for SYN segments

The branch stable/13 has been updated by tuexen:

URL: https://cgit.FreeBSD.org/src/commit/?id=cdd0ab2374a033dadefefab94977aaa38a4af57f

commit cdd0ab2374a033dadefefab94977aaa38a4af57f
Author:     Michael Tuexen
AuthorDate: 2024-09-26 06:10:01 +0000
Commit:     Michael Tuexen
CommitDate: 2024-10-31 16:49:27 +0000

    tcp: improve MAC error handling for SYN segments

    Don't leak a maclabel when SYN segments are processed which results
    in an error due to MD5 signature handling.
    Tweak the #ifdef MAC to allow additional upcoming changes.

    Reviewed by:            markj
    Sponsored by:           Netflix, Inc.
    Differential Revision:  https://reviews.freebsd.org/D46766

    (cherry picked from commit 78e1b031d2e8ef0e1cbc8874891f5476dc7868bc)
---
 sys/netinet/tcp_syncache.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 111f591c5851..d4e21edc1713 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1408,7 +1408,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, int autoflowlabel = 0; #endif #ifdef MAC - struct label *maclabel; + struct label *maclabel = NULL; #endif struct syncache scs; struct ucred *cred;
@@ -1806,10 +1806,11 @@ donenoprobe: tfo_expanded: if (cred != NULL) crfree(cred); + if (sc == NULL || sc == &scs) { #ifdef MAC - if (sc == &scs) mac_syncache_destroy(&maclabel); #endif + } return (rv); }
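Review bot: in the first hunk (declarations at the top of syncache_add()), the new "= NULL" initializer on maclabel is what the widened cleanup in the second hunk depends on, yet nothing at the declaration says so. Because mac_syncache_destroy(&maclabel) can now run with sc == NULL, any jump to the exit labels taken before the label is allocated would otherwise hand an uninitialized pointer to the destroy routine. A one-line comment at the declaration stating that the label must start out NULL because the exit path may destroy it unconditionally would keep a later refactor from dropping the initializer.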
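Review bot: in the second hunk (exit path after tfo_expanded), the destroy call is now reached for sc == NULL as well as sc == &scs, so its correctness rests on mac_syncache_destroy() accepting a pointer to a NULL label; please confirm that and state the ownership rule in a comment, namely that the local maclabel is freed here whenever it was not handed over to an allocated syncache entry. A smaller style point: with the body entirely inside #ifdef MAC, non-MAC kernels compile an empty "if (sc == NULL || sc == &scs) { }" block. The commit message says this shape is preparation for upcoming changes, so a short comment inside the block noting that would explain the otherwise odd construct until those changes land.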