[Midnightbsd-cvs] src [6768] trunk: 20140916:

Tue Sep 16 19:42:27 EDT 2014

Revision: 6768
          http://svnweb.midnightbsd.org/src/?rev=6768
Author:   laffer1
Date:     2014-09-16 19:42:27 -0400 (Tue, 16 Sep 2014)
Log Message:
-----------
20140916:
        Fix a security issue with TCP SYN.

        When a segment with the SYN flag for an already existing connection arrives,
        the TCP stack tears down the connection, bypassing a check that the
        sequence number in the segment is in the expected window.

Obtained from:	FreeBSD

Modified Paths:
--------------
    trunk/UPDATING
    trunk/sys/netinet/tcp_input.c
    trunk/sys/sys/param.h

Modified: trunk/UPDATING
===================================================================

--- trunk/UPDATING	2014-09-16 23:41:17 UTC (rev 6767)
+++ trunk/UPDATING	2014-09-16 23:42:27 UTC (rev 6768)
@@ -1,5 +1,12 @@
 Updating Information for MidnightBSD users.
 
+20140916:
+        Fix a security issue with TCP SYN.
+
+        When a segment with the SYN flag for an already existing connection arrives,
+        the TCP stack tears down the connection, bypassing a check that the
+        sequence number in the segment is in the expected window.
+
 20140909:
 	Fixed a bug with our clearenv(3) implementation that caused segfaults
 	with some programs including Dovecot.

Modified: trunk/sys/netinet/tcp_input.c
===================================================================
--- trunk/sys/netinet/tcp_input.c	2014-09-16 23:41:17 UTC (rev 6767)
+++ trunk/sys/netinet/tcp_input.c	2014-09-16 23:42:27 UTC (rev 6768)
@@ -2161,11 +2161,7 @@
 
 	todrop = tp->rcv_nxt - th->th_seq;
 	if (todrop > 0) {
-		/*
-		 * If this is a duplicate SYN for our current connection,
-		 * advance over it and pretend and it's not a SYN.
-		 */
-		if (thflags & TH_SYN && th->th_seq == tp->irs) {
+		if (thflags & TH_SYN) {
 			thflags &= ~TH_SYN;
 			th->th_seq++;
 			if (th->th_urp > 1)

Modified: trunk/sys/sys/param.h
===================================================================
--- trunk/sys/sys/param.h	2014-09-16 23:41:17 UTC (rev 6767)
+++ trunk/sys/sys/param.h	2014-09-16 23:42:27 UTC (rev 6768)
@@ -51,7 +51,7 @@
  * 		or r is 5-9 in stable after 1.0 is released.
  */
 #undef __MidnightBSD_version
-#define __MidnightBSD_version 6000	/* Master, propagated to newvers */
+#define __MidnightBSD_version 6001	/* Master, propagated to newvers */
 
 /* Version of FreeBSD we're compatible with */
 #undef __FreeBSD_version

