From: Petar Penkov Date: Tue, 27 Aug 2019 23:46:22 +0000 (-0700) Subject: bpf: fix error check in bpf_tcp_gen_syncookie X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=0741be358d5adc266244f909e4434fe17fe1a109;p=openwrt%2Fstaging%2Fblogic.git bpf: fix error check in bpf_tcp_gen_syncookie If a SYN cookie is not issued by tcp_v#_gen_syncookie, then the return value will be exactly 0, rather than <= 0. Let's change the check to reflect that, especially since mss is an unsigned value and cannot be negative. Fixes: 70d66244317e ("bpf: add bpf_tcp_gen_syncookie helper") Reported-by: Stanislav Fomichev Signed-off-by: Petar Penkov Acked-by: Song Liu Signed-off-by: Daniel Borkmann --- diff --git a/net/core/filter.c b/net/core/filter.c index 0c1059cdad3d..17bc9af8f156 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5903,7 +5903,7 @@ BPF_CALL_5(bpf_tcp_gen_syncookie, struct sock *, sk, void *, iph, u32, iph_len, default: return -EPROTONOSUPPORT; } - if (mss <= 0) + if (mss == 0) return -ENOENT; return cookie | ((u64)mss << 32);