diff options
| author | guido <guido@FreeBSD.org> | 1998-11-15 21:35:09 +0000 |
|---|---|---|
| committer | guido <guido@FreeBSD.org> | 1998-11-15 21:35:09 +0000 |
| commit | 23fa293e87aef82c624ae89fae2b6a370f7a08ed (patch) | |
| tree | 55f861ba06073be1bb10979917d65f4db5345896 /sys/netinet | |
| parent | 6461f7d9c17330833044ded41bfae16576aa6a66 (diff) | |
| download | FreeBSD-src-23fa293e87aef82c624ae89fae2b6a370f7a08ed.zip FreeBSD-src-23fa293e87aef82c624ae89fae2b6a370f7a08ed.tar.gz | |
The below patch helps to reduce the leakage of internal socket information
when a TCP "stealth" scan is directed at a *BSD box by ensuring the window
is 0 for all RST packets generated through tcp_respond()
Reviewed by: Don Lewis <Don.Lewis@tsc.tdk.com>
Obtained from: Bugtraq (from: Darren Reed <avalon@COOMBS.ANU.EDU.AU>)
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/tcp_subr.c | 5 | ||||
| -rw-r--r-- | sys/netinet/tcp_timewait.c | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index c1c29e4..d844986 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 - * $Id: tcp_subr.c,v 1.46 1998/08/24 07:47:39 dfr Exp $ + * $Id: tcp_subr.c,v 1.47 1998/09/06 08:17:35 phk Exp $ */ #include "opt_compat.h" @@ -209,7 +209,8 @@ tcp_respond(tp, ti, m, ack, seq, flags) struct route sro; if (tp) { - win = sbspace(&tp->t_inpcb->inp_socket->so_rcv); + if (!(flags & TH_RST)) + win = sbspace(&tp->t_inpcb->inp_socket->so_rcv); ro = &tp->t_inpcb->inp_route; } else { ro = &sro; diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c index c1c29e4..d844986 100644 --- a/sys/netinet/tcp_timewait.c +++ b/sys/netinet/tcp_timewait.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)tcp_subr.c 8.2 (Berkeley) 5/24/95 - * $Id: tcp_subr.c,v 1.46 1998/08/24 07:47:39 dfr Exp $ + * $Id: tcp_subr.c,v 1.47 1998/09/06 08:17:35 phk Exp $ */ #include "opt_compat.h" @@ -209,7 +209,8 @@ tcp_respond(tp, ti, m, ack, seq, flags) struct route sro; if (tp) { - win = sbspace(&tp->t_inpcb->inp_socket->so_rcv); + if (!(flags & TH_RST)) + win = sbspace(&tp->t_inpcb->inp_socket->so_rcv); ro = &tp->t_inpcb->inp_route; } else { ro = &sro; |
