rxrpc: Check the source of a packet to a client conn

When looking up a client connection to which to route a packet, we need to
check that the packet came from the correct source so that a peer can't try
to muck around with another peer's connection.

Signed-off-by: David Howells <dhowells@redhat.com>

diff --git a/net/rxrpc/conn_object.c b/net/rxrpc/conn_object.c
index c86a3cff75855e611edc07c2db134d602a39b679..2c2456ff2853d7c065778e4cd858d52a3c8c8843 100644 (file)
--- a/net/rxrpc/conn_object.c
+++ b/net/rxrpc/conn_object.c
@@ -508,7 +508,9 @@ struct rxrpc_connection *rxrpc_find_connection(struct rxrpc_local *local,
                }
        } else {
                conn = idr_find(&rxrpc_client_conn_ids, cid >> RXRPC_CIDSHIFT);
-               if (conn && conn->proto.epoch == epoch)
+               if (conn &&
+                   conn->proto.epoch == epoch &&
+                   conn->params.peer == peer)
                        goto found;
        }