diff options
author | delphij <delphij@FreeBSD.org> | 2014-09-16 09:48:35 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2014-09-16 09:48:35 +0000 |
commit | f7baec35a31fd33585a0d97ca1c8166a3a9873b8 (patch) | |
tree | e84cbd20e63f700273fb3071437b316765717c27 /sys/netinet | |
parent | 4f02bb3b6b1f0cd64fdf90db819bdf04b6e2045b (diff) | |
download | FreeBSD-src-f7baec35a31fd33585a0d97ca1c8166a3a9873b8.zip FreeBSD-src-f7baec35a31fd33585a0d97ca1c8166a3a9873b8.tar.gz |
Fix Denial of Service in TCP packet processing.
Security: FreeBSD-SA-14:19.tcp
Approved by: re (implicit, security advisory)
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/tcp_input.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 737e88a..d8d550a 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -2176,11 +2176,7 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, todrop = tp->rcv_nxt - th->th_seq; if (todrop > 0) { - /* - * If this is a duplicate SYN for our current connection, - * advance over it and pretend and it's not a SYN. - */ - if (thflags & TH_SYN && th->th_seq == tp->irs) { + if (thflags & TH_SYN) { thflags &= ~TH_SYN; th->th_seq++; if (th->th_urp > 1) |