From f12f1d63f0827600b722dfa1f017b4d5b676213a Mon Sep 17 00:00:00 2001 From: delphij Date: Tue, 16 Sep 2014 09:50:19 +0000 Subject: [PATCH] Fix Denial of Service in TCP packet processing. Security: FreeBSD-SA-14:19.tcp Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.0@271669 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- UPDATING | 3 +++ sys/conf/newvers.sh | 2 +- sys/netinet/tcp_input.c | 6 +----- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/UPDATING b/UPDATING index 8e6f6b33..125e2c09 100644 --- a/UPDATING +++ b/UPDATING @@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20140916: p9 FreeBSD-SA-14:19.tcp + Fix Denial of Service in TCP packet processing. [SA-14:19] + 20140909: p8 FreeBSD-SA-14:18.openssl Fix OpenSSL multiple vulnerabilities. [SA-14:18] diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 8674d80d..9726963d 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.0" -BRANCH="RELEASE-p8" +BRANCH="RELEASE-p9" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index c3eecef6..d1a8b010 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -2202,11 +2202,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, todrop = tp->rcv_nxt - th->th_seq; if (todrop > 0) { - /* - * If this is a duplicate SYN for our current connection, - * advance over it and pretend and it's not a SYN. - */ - if (thflags & TH_SYN && th->th_seq == tp->irs) { + if (thflags & TH_SYN) { thflags &= ~TH_SYN; th->th_seq++; if (th->th_urp > 1) -- 2.42.0