Re: Sequence Number Validation Bug Fixes 2/2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


| I am now in agreement with the patch as below.
Thanks a lot for checking again, and also for the two bug fixes. Both were
excellent catches, I am going to submit them now. One less bug to think about.

Gerrit
| 
| > 
| > | > >>>>>>>>>>>>>>>>>>>>>> Patch v2 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
| > | > dccp: fix bug in updating the GSR
| > | > 
| > | > Currently dccp_check_seqno allows any valid packet to update the Greatest
| > | > Sequence Number Received, even if that packet's sequence number is less than
| > | > the current GSR. This patch adds a check to make sure that the new packet's
| > | > sequence number is greater than GSR.
| > | > 
| > | > Signed-off-by: Samuel Jero <sj323707@xxxxxxxx>
| > | > Signed-off-by: Gerrit Renker <gerrit@xxxxxxxxxxxxxx>
| > | > ---
| > | >  net/dccp/dccp.h |    3 ++-
| > | >  1 file changed, 2 insertions(+), 1 deletion(-)
| > | > 
| > | > --- a/net/dccp/dccp.h
| > | > +++ b/net/dccp/dccp.h
| > | > @@ -426,7 +426,8 @@ static inline void dccp_update_gsr(struc
| > | >  {
| > | >  	struct dccp_sock *dp = dccp_sk(sk);
| > | >  
| > | > -	dp->dccps_gsr = seq;
| > | > +	if (after48(seq, dp->dccps_gsr))
| > | > +		dp->dccps_gsr = seq;
| > | >  	/* Sequence validity window depends on remote Sequence Window (7.5.1) */
| > | >  	dp->dccps_swl = SUB48(ADD48(dp->dccps_gsr, 1), dp->dccps_r_seq_win / 4);
| > | >  	/*
--
To unsubscribe from this list: send the line "unsubscribe dccp" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Linux Kernel]     [IETF DCCP]     [Linux Networking]     [Git]     [Security]     [Linux Assembly]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Linux Resources]

Powered by Linux