summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2005-08-11 11:39:37 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2005-08-11 11:39:37 +0000
commit2e4382bf57c8db77699440b5fbea9447891f2d34 (patch)
treecb986dd7ba6227423b737a8114c447690c522b40 /sys
parent0300260e07ec721ec54647e3542045abfeca08c8 (diff)
don't accept SYN-only TCP options for established connections;
cf FreeBSD-SA-05:15.tcp; ok claudio, mcbride
Diffstat (limited to 'sys')
-rw-r--r--sys/netinet/tcp_input.c29
1 files changed, 19 insertions, 10 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c
index 1e011cfd75a..71ff36cf3df 100644
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcp_input.c,v 1.189 2005/08/02 11:05:44 markus Exp $ */
+/* $OpenBSD: tcp_input.c,v 1.190 2005/08/11 11:39:36 markus Exp $ */
/* $NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $ */
/*
@@ -2257,6 +2257,8 @@ tcp_dooptions(tp, cp, cnt, th, m, iphlen, oi)
continue;
if (!(th->th_flags & TH_SYN))
continue;
+ if (TCPS_HAVERCVDSYN(tp->t_state))
+ continue;
bcopy((char *) cp + 2, (char *) &mss, sizeof(mss));
NTOHS(mss);
oi->maxseg = mss;
@@ -2267,6 +2269,8 @@ tcp_dooptions(tp, cp, cnt, th, m, iphlen, oi)
continue;
if (!(th->th_flags & TH_SYN))
continue;
+ if (TCPS_HAVERCVDSYN(tp->t_state))
+ continue;
tp->t_flags |= TF_RCVD_SCALE;
tp->requested_s_scale = min(cp[2], TCP_MAX_WINSHIFT);
break;
@@ -2280,24 +2284,29 @@ tcp_dooptions(tp, cp, cnt, th, m, iphlen, oi)
bcopy(cp + 6, &oi->ts_ecr, sizeof(oi->ts_ecr));
NTOHL(oi->ts_ecr);
+ if (!(th->th_flags & TH_SYN))
+ continue;
+ if (TCPS_HAVERCVDSYN(tp->t_state))
+ continue;
/*
* A timestamp received in a SYN makes
* it ok to send timestamp requests and replies.
*/
- if (th->th_flags & TH_SYN) {
- tp->t_flags |= TF_RCVD_TSTMP;
- tp->ts_recent = oi->ts_val;
- tp->ts_recent_age = tcp_now;
- }
+ tp->t_flags |= TF_RCVD_TSTMP;
+ tp->ts_recent = oi->ts_val;
+ tp->ts_recent_age = tcp_now;
break;
#ifdef TCP_SACK
case TCPOPT_SACK_PERMITTED:
if (!tp->sack_enable || optlen!=TCPOLEN_SACK_PERMITTED)
continue;
- if (th->th_flags & TH_SYN)
- /* MUST only be set on SYN */
- tp->t_flags |= TF_SACK_PERMIT;
+ if (!(th->th_flags & TH_SYN))
+ continue;
+ if (TCPS_HAVERCVDSYN(tp->t_state))
+ continue;
+ /* MUST only be set on SYN */
+ tp->t_flags |= TF_SACK_PERMIT;
break;
case TCPOPT_SACK:
tcp_sack_option(tp, th, cp, optlen);
@@ -3965,10 +3974,10 @@ syn_cache_add(src, dst, th, iphlen, so, m, optp, optlen, oi)
#endif
tb.t_flags = tcp_do_rfc1323 ? (TF_REQ_SCALE|TF_REQ_TSTMP) : 0;
#ifdef TCP_SIGNATURE
- tb.t_state = TCPS_LISTEN;
if (tp->t_flags & TF_SIGNATURE)
tb.t_flags |= TF_SIGNATURE;
#endif
+ tb.t_state = TCPS_LISTEN;
if (tcp_dooptions(&tb, optp, optlen, th, m, iphlen, oi))
return (0);
} else