[Midnightbsd-cvs] src [6767] stable/0.5: 20140916:
laffer1 at midnightbsd.org
Tue Sep 16 19:41:17 EDT 2014
Revision: 6767
http://svnweb.midnightbsd.org/src/?rev=6767
Author: laffer1
Date: 2014-09-16 19:41:17 -0400 (Tue, 16 Sep 2014)
Log Message:
-----------
20140916:
Fix a security issue with TCP SYN.
When a segment with the SYN flag for an already existing connection arrives,
the TCP stack tears down the connection, bypassing a check that the
sequence number in the segment is in the expected window.
Obtained from: FreeBSD
Modified Paths:
--------------
stable/0.5/UPDATING
stable/0.5/sys/netinet/tcp_input.c
stable/0.5/sys/sys/param.h
Modified: stable/0.5/UPDATING
===================================================================
--- stable/0.5/UPDATING 2014-09-14 03:55:54 UTC (rev 6766)
+++ stable/0.5/UPDATING 2014-09-16 23:41:17 UTC (rev 6767)
@@ -1,5 +1,12 @@
Updating Information for MidnightBSD users.
+20140916:
+ Fix a security issue with TCP SYN.
+
+ When a segment with the SYN flag for an already existing connection arrives,
+ the TCP stack tears down the connection, bypassing a check that the
+ sequence number in the segment is in the expected window.
+
20140909:
Fixed a bug with clearenv(3) that could result in a segfault.
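Review bot: the new 20140916 entry describes the faulty behaviour in the present tense ("the TCP stack tears down the connection") and never says what changed or what a user has to do. Reword it so it is clear this is the pre-fix behaviour, add a line saying the fix is in the kernel (sys/netinet/tcp_input.c) and so needs a kernel rebuild and reboot, and carry over the "Obtained from: FreeBSD" attribution from the log message with a pointer to the upstream advisory so readers can look up impact and affected versions.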
Modified: stable/0.5/sys/netinet/tcp_input.c
===================================================================
--- stable/0.5/sys/netinet/tcp_input.c 2014-09-14 03:55:54 UTC (rev 6766)
+++ stable/0.5/sys/netinet/tcp_input.c 2014-09-16 23:41:17 UTC (rev 6767)
@@ -2161,11 +2161,7 @@
todrop = tp->rcv_nxt - th->th_seq;
if (todrop > 0) {
- /*
- * If this is a duplicate SYN for our current connection,
- * advance over it and pretend and it's not a SYN.
- */
- if (thflags & TH_SYN && th->th_seq == tp->irs) {
+ if (thflags & TH_SYN) {
thflags &= ~TH_SYN;
th->th_seq++;
if (th->th_urp > 1)
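Review bot: the comment above the SYN test is deleted and nothing replaces it, so "if (thflags & TH_SYN) {" now carries a security-relevant decision with no explanation in the source. With the "th->th_seq == tp->irs" condition gone, every SYN whose sequence number lies before rcv_nxt (todrop > 0) has the flag cleared and th_seq advanced, not only an exact duplicate of the original SYN; a short comment saying that this is intentional, and that it is what keeps such a segment from reaching the teardown described in the log message, would stop a later cleanup from restoring the old test. This hunk only touches the todrop > 0 branch, so it is also worth stating in the log or a comment how a SYN with th_seq at or beyond rcv_nxt is handled, since that case does not pass through this code.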
Modified: stable/0.5/sys/sys/param.h
===================================================================
--- stable/0.5/sys/sys/param.h 2014-09-14 03:55:54 UTC (rev 6766)
+++ stable/0.5/sys/sys/param.h 2014-09-16 23:41:17 UTC (rev 6767)
@@ -51,7 +51,7 @@
* or r is 5-9 in stable after 1.0 is released.
*/
#undef __MidnightBSD_version
-#define __MidnightBSD_version 5007 /* Master, propagated to newvers */
+#define __MidnightBSD_version 5008 /* Master, propagated to newvers */
/* Version of FreeBSD we're compatible with */
#undef __FreeBSD_version
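Review bot: the bump of __MidnightBSD_version to 5008 is the only machine-checkable marker for this fix, but neither the log message nor the UPDATING entry mentions it. Note the new value in the 20140916 UPDATING entry so that a running system or a build script can tell whether the SYN fix is present by comparing against 5008.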