From 70d50582a49fa6d63a4963d7a4d7af142820626a Mon Sep 17 00:00:00 2001
From: gordon <gordon@FreeBSD.org>
Date: Thu, 19 Mar 2020 16:46:01 +0000
Subject: [PATCH] Fix TCP IPv6 SYN cache kernel information disclosure.

Approved by:	so
Security:	FreeBSD-SA-20:04.tcp
Security:	CVE-2020-7451
---
 sys/netinet/tcp_syncache.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 132726e7e0a..4b6e6201ebc 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1679,7 +1679,8 @@ syncache_respond(struct syncache *sc, struct syncache_head *sch, int locked,
 		ip6->ip6_dst = sc->sc_inc.inc6_faddr;
 		ip6->ip6_plen = htons(tlen - hlen);
 		/* ip6_hlim is set after checksum */
-		ip6->ip6_flow &= ~IPV6_FLOWLABEL_MASK;
+		/* Zero out traffic class and flow label. */
+		ip6->ip6_flow &= ~IPV6_FLOWINFO_MASK;
 		ip6->ip6_flow |= sc->sc_flowlabel;
 
 		th = (struct tcphdr *)(ip6 + 1);
-- 
2.45.0