From 1ca722e5ea47f9fe2718bdce57437a6de11849f7 Mon Sep 17 00:00:00 2001 From: Jun-ichiro itojun Hagino Date: Tue, 29 Feb 2000 05:25:54 +0000 Subject: ensure tcp window size does not overflow (16bit unsigned after window scale). FreeBSD PR: 16914 --- sys/netinet/tcp_subr.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'sys/netinet') diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index eb09b426e86..c87800e1e02 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcp_subr.c,v 1.23 1999/12/29 20:27:55 mickey Exp $ */ +/* $OpenBSD: tcp_subr.c,v 1.24 2000/02/29 05:25:53 itojun Exp $ */ /* $NetBSD: tcp_subr.c,v 1.22 1996/02/13 23:44:00 christos Exp $ */ /* @@ -375,9 +375,10 @@ tcp_respond(tp, template, m, ack, seq, flags) th->th_off = sizeof (struct tcphdr) >> 2; th->th_flags = flags; if (tp) - th->th_win = htons((u_int16_t) (win >> tp->rcv_scale)); - else - th->th_win = htons((u_int16_t)win); + win >>= tp->rcv_scale; + if (win > TCP_MAXWIN) + win = TCP_MAXWIN; + th->th_win = htons((u_int16_t)win); th->th_urp = 0; #ifdef INET6 -- cgit v1.2.3