authorMartin Pieuchot <mpi@cvs.openbsd.org>2020-06-18 14:52:52 +0000
committerMartin Pieuchot <mpi@cvs.openbsd.org>2020-06-18 14:52:52 +0000
commitd2251eaff5c82e8f6d690237dcac25237f132338 (patch)
treec9e539e2548bd9da9484b38eaeab276a7d323774 /sys/netinet
parentced1bcc76e19a77151dac9196fb82b30f0330bda (diff)
Refuse to set 0 or a negative value for net.inet.tcp.synbucketlimit.
Prevent a panic in syn_cache_insert() found by syzbot. Reported-by: syzbot+aee24ad9b7bf5665912d@syzkaller.appspotmail.com ok sashan@, anton@, millert@
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/tcp_usrreq.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/sys/netinet/tcp_usrreq.c b/sys/netinet/tcp_usrreq.c
index a2cf32f1f93..086fd603e19 100644
--- a/sys/netinet/tcp_usrreq.c
+++ b/sys/netinet/tcp_usrreq.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_usrreq.c,v 1.172 2019/07/12 19:43:51 bluhm Exp $ */
+/* $OpenBSD: tcp_usrreq.c,v 1.173 2020/06/18 14:52:51 mpi Exp $ */
/* $NetBSD: tcp_usrreq.c,v 1.20 1996/02/13 23:44:16 christos Exp $ */
/*
@@ -1061,6 +1061,19 @@ tcp_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
case TCPCTL_STATS:
return (tcp_sysctl_tcpstat(oldp, oldlenp, newp));
+ case TCPCTL_SYN_BUCKET_LIMIT:
+ NET_LOCK();
+ nval = tcp_syn_bucket_limit;
+ error = sysctl_int(oldp, oldlenp, newp, newlen, &nval);
+ if (!error && nval != tcp_syn_bucket_limit) {
+ if (nval > 0)
+ tcp_syn_bucket_limit = nval;
+ else
+ error = EINVAL;
+ }
+ NET_UNLOCK();
+ return (error);
+
case TCPCTL_SYN_USE_LIMIT:
NET_LOCK();
error = sysctl_int(oldp, oldlenp, newp, newlen,
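Review bot: The `nval > 0` test in the new TCPCTL_SYN_BUCKET_LIMIT case has no comment explaining why non-positive values are refused, so the reason exists only in the commit message. I would add `/* syn_cache_insert() panics on a limit <= 0, so refuse it */` directly above `if (nval > 0)`. The check is a lower bound only: any positive int is accepted, which presumably lets a privileged caller relax the per-bucket SYN cache limit as far as they like. If that is intentional, the same comment could say so. The declaration of `nval` and the rest of tcp_sysctl() are outside this hunk, so I could not check its type or whether the neighbouring TCPCTL_SYN_USE_LIMIT case needs a similar bound.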