From 606a2669cfc212fe9466694647efea0df122ebbc Mon Sep 17 00:00:00 2001 From: Stephan Uphoff Date: Mon, 16 Jun 2008 20:08:22 +0000 Subject: [PATCH] Change incorrect stale cookie detection in syncookie_lookup() that prematurely declared a cookie as expired. Reviewed by: andre@, silby@ Reported by: Yahoo! --- sys/netinet/tcp_syncache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 88b2c5e7cc6..97df5d4e15a 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1618,7 +1618,7 @@ syncookie_lookup(struct in_conninfo *inc, struct syncache_head *sch, * The secret wasn't updated for the lifetime of a syncookie, * so this SYN-ACK/ACK is either too old (replay) or totally bogus. */ - if (sch->sch_reseed < time_uptime) { + if (sch->sch_reseed + SYNCOOKIE_LIFETIME < time_uptime) { return (NULL); }