summaryrefslogtreecommitdiffstats
path: root/sys/netinet/tcp_reass.c
diff options
context:
space:
mode:
authorwollman <wollman@FreeBSD.org>1997-11-20 20:04:49 +0000
committerwollman <wollman@FreeBSD.org>1997-11-20 20:04:49 +0000
commit390341dca56b4b438dec1f970c9357e73ab66837 (patch)
tree6b00313519cbfbbe0837b6dac7fc566cd9ca4ed3 /sys/netinet/tcp_reass.c
parent2ba2c6e5da88344da3a9ef259307688aacbee71e (diff)
downloadFreeBSD-src-390341dca56b4b438dec1f970c9357e73ab66837.zip
FreeBSD-src-390341dca56b4b438dec1f970c9357e73ab66837.tar.gz
Add Matt Dillon's quick fix hack for the self-connect DoS.
PR: 5103
Diffstat (limited to 'sys/netinet/tcp_reass.c')
-rw-r--r--sys/netinet/tcp_reass.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c
index 9785551..31fa80d 100644
--- a/sys/netinet/tcp_reass.c
+++ b/sys/netinet/tcp_reass.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)tcp_input.c 8.12 (Berkeley) 5/24/95
- * $Id: tcp_input.c,v 1.64 1997/10/28 15:58:52 bde Exp $
+ * $Id: tcp_input.c,v 1.65 1997/11/07 08:53:21 phk Exp $
*/
#include "opt_tcpdebug.h"
@@ -317,6 +317,19 @@ tcp_input(m, iphlen)
#endif /* TUBA_INCLUDE */
/*
+ * Reject attempted self-connects. XXX This actually masks
+ * a bug elsewhere, since self-connect should work.
+ * However, a urrently-active DoS attack in the Internet
+ * sends a phony self-connect request which causes an infinite
+ * loop.
+ */
+ if (ti->ti_src.s_addr == ti->ti_dst.s_addr
+ && ti->ti_sport == ti->ti_dport) {
+ tcpstat.tcps_badsyn++;
+ goto drop;
+ }
+
+ /*
* Check that TCP offset makes sense,
* pull out TCP options and adjust length. XXX
*/
OpenPOWER on IntegriCloud