[Midnightbsd-cvs] src [7126] stable/0.6: MidnightBSD 0.6.3 RELEASE

Wed Jul 22 11:00:51 EDT 2015

Revision: 7126
          http://svnweb.midnightbsd.org/src/?rev=7126
Author:   laffer1
Date:     2015-07-22 11:00:50 -0400 (Wed, 22 Jul 2015)
Log Message:
-----------
MidnightBSD 0.6.3 RELEASE

TCP connections transitioning to the LAST_ACK state can become permanently
stuck due to mishandling of protocol state in certain situations, which in
turn can lead to accumulated consumption and eventual exhaustion of system
resources, such as mbufs and sockets.

Modified Paths:
--------------
    stable/0.6/UPDATING
    stable/0.6/sys/conf/newvers.sh
    stable/0.6/sys/netinet/tcp_output.c

Modified: stable/0.6/UPDATING
===================================================================

--- stable/0.6/UPDATING	2015-07-22 14:58:16 UTC (rev 7125)
+++ stable/0.6/UPDATING	2015-07-22 15:00:50 UTC (rev 7126)
@@ -1,5 +1,11 @@
 Updating Information for MidnightBSD users.
 
+20150722:
+	MidnightBSD 0.6.3 RELEASE
+
+	Fix a bug where TCP connections transitioning to LAST_ACK
+	state can get stuck. This can result in a denial of service.
+
 20150621:
 	MidnightBSD 0.6.2 RELEASE
 

Modified: stable/0.6/sys/conf/newvers.sh
===================================================================
--- stable/0.6/sys/conf/newvers.sh	2015-07-22 14:58:16 UTC (rev 7125)
+++ stable/0.6/sys/conf/newvers.sh	2015-07-22 15:00:50 UTC (rev 7126)
@@ -32,7 +32,7 @@
 # $MidnightBSD$
 
 TYPE="MidnightBSD"
-REVISION="0.6.2"
+REVISION="0.6.3"
 RELEASE="${REVISION}"
 VERSION="${TYPE} ${RELEASE}"
 SYSDIR=$(dirname $0)/..

Modified: stable/0.6/sys/netinet/tcp_output.c
===================================================================
--- stable/0.6/sys/netinet/tcp_output.c	2015-07-22 14:58:16 UTC (rev 7125)
+++ stable/0.6/sys/netinet/tcp_output.c	2015-07-22 15:00:50 UTC (rev 7126)
@@ -393,7 +393,7 @@
 		flags &= ~TH_FIN;
 	}
 
-	if (len < 0) {
+	if (len <= 0) {
 		/*
 		 * If FIN has been sent but not acked,
 		 * but we haven't been called to retransmit,
@@ -403,9 +403,16 @@
 		 * to (closed) window, and set the persist timer
 		 * if it isn't already going.  If the window didn't
 		 * close completely, just wait for an ACK.
+		 *
+		 * We also do a general check here to ensure that
+		 * we will set the persist timer when we have data
+		 * to send, but a 0-byte window. This makes sure
+		 * the persist timer is set even if the packet
+		 * hits one of the "goto send" lines below.
 		 */
 		len = 0;
-		if (sendwin == 0) {
+		if ((sendwin == 0) && (TCPS_HAVEESTABLISHED(tp->t_state)) &&
+			(off < (int) so->so_snd.sb_cc)) {
 			tcp_timer_activate(tp, TT_REXMT, 0);
 			tp->t_rxtshift = 0;
 			tp->snd_nxt = tp->snd_una;

