Paolo Abeni 4b5af44129 mptcp: don't leak msk in token container ... If a listening MPTCP socket has unaccepted sockets at close time, the related msks are freed via mptcp_sock_destruct(), which in turn does not invoke the proto->destroy() method nor the mptcp_token_destroy() function. Due to the above, the child msk socket is not removed from the token container, leading to later UaF. Address the issue explicitly removing the token even in the above error path. Fixes: 79c0949e9a ("mptcp: Add key generation and token tree") Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: David S. Miller <davem@davemloft.net>		2020-06-10 16:07:00 -07:00
..
Kconfig	mptcp: select CRYPTO	2020-02-16 19:37:16 -08:00
Makefile	mptcp: add netlink-based PM	2020-03-29 22:14:49 -07:00
crypto.c	Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6	2020-06-01 12:00:10 -07:00
ctrl.c	mptcp: new sysctl to control the activation per NS	2020-01-24 13:44:08 +01:00
diag.c	mptcp: allow dumping subflow context to userspace	2020-03-29 22:14:48 -07:00
mib.c	mptcp: add and use MIB counter infrastructure	2020-03-29 22:14:49 -07:00
mib.h	mptcp: add and use MIB counter infrastructure	2020-03-29 22:14:49 -07:00
options.c	mptcp: bugfix for RM_ADDR option parsing	2020-06-08 19:09:41 -07:00
pm.c	mptcp: add some missing pr_fmt defines	2020-04-03 16:06:32 -07:00
pm_netlink.c	mptcp/pm_netlink.c : add check for nla_put_in/6_addr	2020-04-23 15:38:10 -07:00
protocol.c	mptcp: fix races between shutdown and recvmsg	2020-06-10 13:34:14 -07:00
protocol.h	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-05-24 13:47:27 -07:00
subflow.c	mptcp: don't leak msk in token container	2020-06-10 16:07:00 -07:00
token.c	mptcp: fix "fn parameter not described" warnings	2020-04-02 06:59:21 -07:00