Fix Denial of Service in TCP packet processing.

Security: FreeBSD-SA-14:19.tcp Approved by: so
2026-06-09 08:43:19 -04:00 · 2014-09-16 09:50:19 +00:00 · 2014-09-16 09:50:19 +00:00 · 7a40f7093f
commit 7a40f7093f
parent a3b95986a5
3 changed files with 5 additions and 6 deletions
--- a/3
+++ b/3
@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.

+20140916:	p9	FreeBSD-SA-14:19.tcp
+	Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:	p8	FreeBSD-SA-14:18.openssl
 	Fix OpenSSL multiple vulnerabilities. [SA-14:18]

--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@ -32,7 +32,7 @@

 TYPE="FreeBSD"
 REVISION="10.0"
-BRANCH="RELEASE-p8"
+BRANCH="RELEASE-p9"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@ -2202,11 +2202,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so,

 	todrop = tp->rcv_nxt - th->th_seq;
 	if (todrop > 0) {
-		/*
-		 * If this is a duplicate SYN for our current connection,
-		 * advance over it and pretend and it's not a SYN.
-		 */
-		if (thflags & TH_SYN && th->th_seq == tp->irs) {
+		if (thflags & TH_SYN) {
 			thflags &= ~TH_SYN;
 			th->th_seq++;
 			if (th->th_urp > 1)