ipv6: fix restrict IPV6_ADDRFORM operation

Commit b6f6118901 ("ipv6: restrict IPV6_ADDRFORM operation") fixed a
problem found by syzbot an unfortunate logic error meant that it
also broke IPV6_ADDRFORM.

Rearrange the checks so that the earlier test is just one of the series
of checks made before moving the socket from IPv6 to IPv4.

Fixes: b6f6118901 ("ipv6: restrict IPV6_ADDRFORM operation")
Signed-off-by: John Haxby <john.haxby@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
John Haxby 2020-04-18 16:30:49 +01:00 committed by David S. Miller
parent bdbe05b381
commit 82c9ae4408
1 changed files with 6 additions and 7 deletions

View File

@ -183,15 +183,14 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
retv = -EBUSY; retv = -EBUSY;
break; break;
} }
} else if (sk->sk_protocol == IPPROTO_TCP) { }
if (sk->sk_prot != &tcpv6_prot) { if (sk->sk_protocol == IPPROTO_TCP &&
retv = -EBUSY; sk->sk_prot != &tcpv6_prot) {
break; retv = -EBUSY;
}
break;
} else {
break; break;
} }
if (sk->sk_protocol != IPPROTO_TCP)
break;
if (sk->sk_state != TCP_ESTABLISHED) { if (sk->sk_state != TCP_ESTABLISHED) {
retv = -ENOTCONN; retv = -ENOTCONN;
break; break;