Re: Sequence Number Validation Bug Fixes 2/2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


This problem is, indeed, very similar to the November 23rd bug fix; in
fact, it was that bug fix that caused me to notice this problem.

The difference is that the November 23rd bug fix covers the Greatest
Acknowledgment Number Received; whereas, this bug fix covers the
Greatest Sequence Number Received.

On Tue, 2010-12-28 at 10:44 +0100, Gerrit Renker wrote:
> Thanks a lot for looking into this.
> 
> I think the problem below is similar to or even covered by the bug fix
> submitted on 23th November (it is in net-2.6 but may not yet be in mainline):
> 
> http://eden-feed.erg.abdn.ac.uk/cgi-bin/gitweb.cgi?p=dccp_exp.git;a=commitdiff;h=0ac78870220b6e0ac74dd9292bcfa7b18718babd
> 
> I will have a look at the other patches, but it maybe "next year" until
> able to get back.
> 
> 
> Quoting Samuel Jero:
> | Currently dccp_check_seqno allows any valid packet to update the
> | Greatest Sequence Number Received, even if that packet's sequence number
> | is less than the current GSR. This patch adds a check to make sure that
> | the new packet's sequence number is greater than GSR.
> | 
> | >>>>>>>>>>>>>>>>>>>>>>>>>  Patch Follows <<<<<<<<<<<<<<<<<<<<<<<<<<
> | diff --git a/net/dccp/input.c b/net/dccp/input.c
> | --- a/net/dccp/input.c
> | +++ b/net/dccp/input.c
> | @@ -252,7 +253,10 @@ static int dccp_check_seqno(struct sock *sk, struct
> | sk_buff *skb)
> | if (between48(seqno, lswl, dp->dccps_swh) &&
> |     (ackno == DCCP_PKT_WITHOUT_ACK_SEQ ||
> |      between48(ackno, lawl, dp->dccps_awh))) {
> | - dccp_update_gsr(sk, seqno);
> | +
> | + if(after48(seqno, dp->dccps_gsr)){
> | + dccp_update_gsr(sk, seqno);
> | + }
> | 
> | if (dh->dccph_type != DCCP_PKT_SYNC &&
> |     ackno != DCCP_PKT_WITHOUT_ACK_SEQ && 
> 

Attachment: signature.asc
Description: This is a digitally signed message part


[Linux Kernel]     [IETF DCCP]     [Linux Networking]     [Git]     [Security]     [Linux Assembly]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Linux Resources]

Powered by Linux