[Midnightbsd-cvs] src [6769] stable/0.4: 0.4-RELEASE-p15

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Tue Sep 16 19:49:28 EDT 2014 

Revision: 6769
          http://svnweb.midnightbsd.org/src/?rev=6769
Author:   laffer1
Date:     2014-09-16 19:49:28 -0400 (Tue, 16 Sep 2014)
Log Message:
-----------
0.4-RELEASE-p15

20140916:
        Fix a security issue with TCP SYN.

        When a segment with the SYN flag for an already existing connection arrives,
        the TCP stack tears down the connection, bypassing a check that the
        sequence number in the segment is in the expected window.

Modified Paths:
--------------
    stable/0.4/UPDATING
    stable/0.4/sys/conf/newvers.sh
    stable/0.4/sys/netinet/tcp_input.c

Modified: stable/0.4/UPDATING
===================================================================
--- stable/0.4/UPDATING	2014-09-16 23:42:27 UTC (rev 6768)
+++ stable/0.4/UPDATING	2014-09-16 23:49:28 UTC (rev 6769)
@@ -1,5 +1,14 @@
 Updating Information for MidnightBSD users.
 
+20140916:
+	0.4-RELEASE-p15
+
+        Fix a security issue with TCP SYN.
+
+        When a segment with the SYN flag for an already existing connection arrives,
+        the TCP stack tears down the connection, bypassing a check that the
+        sequence number in the segment is in the expected window.
+
 20140909:
 	0.4-RELEASE-p14
 	
@@ -18,7 +27,6 @@
         OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to
         a denial of service attack. [CVE-2014-3510]
 
-
 20140710:
 	0.4-RELEASE-p13
 

Modified: stable/0.4/sys/conf/newvers.sh
===================================================================
--- stable/0.4/sys/conf/newvers.sh	2014-09-16 23:42:27 UTC (rev 6768)
+++ stable/0.4/sys/conf/newvers.sh	2014-09-16 23:49:28 UTC (rev 6769)
@@ -33,7 +33,7 @@
 
 TYPE="MidnightBSD"
 REVISION="0.4"
-BRANCH="RELEASE-p14"
+BRANCH="RELEASE-p15"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: stable/0.4/sys/netinet/tcp_input.c
===================================================================
--- stable/0.4/sys/netinet/tcp_input.c	2014-09-16 23:42:27 UTC (rev 6768)
+++ stable/0.4/sys/netinet/tcp_input.c	2014-09-16 23:49:28 UTC (rev 6769)
@@ -2161,11 +2161,7 @@
 
 	todrop = tp->rcv_nxt - th->th_seq;
 	if (todrop > 0) {
-		/*
-		 * If this is a duplicate SYN for our current connection,
-		 * advance over it and pretend and it's not a SYN.
-		 */
-		if (thflags & TH_SYN && th->th_seq == tp->irs) {
+		if (thflags & TH_SYN) {
 			thflags &= ~TH_SYN;
 			th->th_seq++;
 			if (th->th_urp > 1)

More information about the Midnightbsd-cvs mailing list