From 32ab68c3e9074d56fe36e5d462893117d1de71f2 Mon Sep 17 00:00:00 2001
From: delphij
Date: Tue, 16 Sep 2014 09:48:35 +0000
Subject: [PATCH] Fix Denial of Service in TCP packet processing.
Security: FreeBSD-SA-14:19.tcp
Approved by: re (implicit, security advisory)
git-svn-id: svn://svn.freebsd.org/base/stable/10@271667 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/netinet/tcp_input.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 737e88aee..d8d550a83 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -2176,11 +2176,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so,
 todrop = tp->rcv_nxt - th->th_seq;
 if (todrop > 0) {
- /*
- * If this is a duplicate SYN for our current connection,
- * advance over it and pretend and it's not a SYN.
- */
- if (thflags & TH_SYN && th->th_seq == tp->irs) {
+ if (thflags & TH_SYN) {
 thflags &= ~TH_SYN;
 th->th_seq++;
 if (th->th_urp > 1)
-- 
2.45.0
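Review bot: The widened test `if (thflags & TH_SYN) {` is left with no comment, because the old one was deleted along with the `th->th_seq == tp->irs` condition, so nothing in the code records why SYN is now cleared on every segment that starts before `rcv_nxt`. Since this is the security-relevant line of the advisory fix, a later cleanup could reintroduce the narrower check without noticing. I would add above it: `/* Strip SYN from any segment that starts before rcv_nxt, not only an exact duplicate of the initial SYN (FreeBSD-SA-14:19.tcp). */`. The body of tcp_do_segment, including the `if (th->th_urp > 1)` branch, continues outside the hunk, so what later code does with a still-set SYN is presumably the reason for the fix but cannot be confirmed from here.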