Re: Sequence Number Validation Bug Fixes 2/2



Thanks a lot for looking into this.

I think the problem below is similar to or even covered by the bug fix
submitted on 23rd November (it is in net-2.6 but may not yet be in mainline):

http://eden-feed.erg.abdn.ac.uk/cgi-bin/gitweb.cgi?p=dccp_exp.git;a=commitdiff;h=0ac78870220b6e0ac74dd9292bcfa7b18718babd

I will have a look at the other patches, but it may be "next year" until
able to get back.


Quoting Samuel Jero:
| Currently dccp_check_seqno allows any valid packet to update the
| Greatest Sequence Number Received, even if that packet's sequence number
| is less than the current GSR. This patch adds a check to make sure that
| the new packet's sequence number is greater than GSR.
| 
| >>>>>>>>>>>>>>>>>>>>>>>>>  Patch Follows <<<<<<<<<<<<<<<<<<<<<<<<<<
| diff --git a/net/dccp/input.c b/net/dccp/input.c
| --- a/net/dccp/input.c
| +++ b/net/dccp/input.c
| @@ -252,7 +253,10 @@ static int dccp_check_seqno(struct sock *sk, struct
| sk_buff *skb)
| if (between48(seqno, lswl, dp->dccps_swh) &&
|     (ackno == DCCP_PKT_WITHOUT_ACK_SEQ ||
|      between48(ackno, lawl, dp->dccps_awh))) {
| - dccp_update_gsr(sk, seqno);
| +
| + if(after48(seqno, dp->dccps_gsr)){
| + dccp_update_gsr(sk, seqno);
| + }
| 
| if (dh->dccph_type != DCCP_PKT_SYNC &&
|     ackno != DCCP_PKT_WITHOUT_ACK_SEQ && 
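
Review bot: the new guard `if(after48(seqno, dp->dccps_gsr)){` does not follow kernel coding style: it needs a space after `if` and before `{`, and the braces should go because the body is the single statement `dccp_update_gsr(sk, seqno);`. The added empty `+` line before it can be dropped as well. A one-line comment above the guard saying that an in-window packet older than GSR must not move GSR backwards would document why the update is now conditional, since the enclosing `between48(seqno, lswl, dp->dccps_swh)` test already accepts such packets. As quoted here the hunk header is wrapped across two lines and the indentation is gone, so the patch should be resent unmangled before it can be applied.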

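The effect described in the quoted patch description, as an added example that is not part of the original thread or of the kernel source: a user-space model in which an in-window packet older than GSR arrives, with and without the `after48()` guard. The `struct model`, `update_gsr()` and `gsr_after_packet()` names are hypothetical, `after48()`/`between48()` are re-implemented here for 48-bit circular arithmetic, and the window rule is an assumption following RFC 4340 section 7.5.1.

```c
#include <stdint.h>
#include <stdio.h>

#define MASK48 ((UINT64_C(1) << 48) - 1)

/* True if seq1 is later than seq2 in 48-bit circular sequence space. */
static int after48(uint64_t seq1, uint64_t seq2)
{
	return (int64_t)((seq2 << 16) - (seq1 << 16)) < 0;
}

/* True if seq2 <= seq1 <= seq3, modulo 2^48. */
static int between48(uint64_t seq1, uint64_t seq2, uint64_t seq3)
{
	return (seq3 << 16) - (seq2 << 16) >= (seq1 << 16) - (seq2 << 16);
}

/* Hypothetical stand-in for the receiver state (not struct dccp_sock). */
struct model { uint64_t gsr, swl, swh, win; };

/* Assumed window rule: SWL = GSR + 1 - W/4, SWH = GSR + ceil(3W/4). */
static void update_gsr(struct model *m, uint64_t seq)
{
	m->gsr = seq & MASK48;
	m->swl = (m->gsr + 1 - m->win / 4) & MASK48;
	m->swh = (m->gsr + (3 * m->win + 3) / 4) & MASK48;
}

/* GSR after one packet with seqno arrives; guarded != 0 applies the check. */
static uint64_t gsr_after_packet(uint64_t gsr, uint64_t win, uint64_t seqno,
				 int guarded)
{
	struct model m = { .win = win };

	update_gsr(&m, gsr);
	if (between48(seqno, m.swl, m.swh) &&
	    (!guarded || after48(seqno, m.gsr)))
		update_gsr(&m, seqno);
	return m.gsr;
}

int main(void)
{
	/* Constructed input: GSR = 1000, W = 100, late packet 980 is in window. */
	printf("unguarded: %llu\n", (unsigned long long)gsr_after_packet(1000, 100, 980, 0));
	printf("guarded:   %llu\n", (unsigned long long)gsr_after_packet(1000, 100, 980, 1));
	return 0;
}
```

Because GSR anchors the validity window, the unguarded case also slides SWL and SWH backwards along with it.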