| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Dec 2012 14:11:54 -0800 (PST) From: David Miller <davem@...emloft.net> To: eric.dumazet@...il.com Cc: netdev@...r.kernel.org, zhiyunq@...ch.edu, nanditad@...gle.com, ncardwell@...gle.com, john.dykstra1@...il.com Subject: Re: [PATCH] tcp: should drop incoming frames without ACK flag set From: Eric Dumazet <eric.dumazet@...il.com> Date: Wed, 26 Dec 2012 09:10:01 -0800 > @@ -5540,6 +5540,9 @@ no_ack: > } > > slow_path: > + if (!th->ack) > + goto discard; One too many tabs there on that last line :-) > + > if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) > goto csum_error; > > @@ -5551,7 +5554,7 @@ slow_path: Also, I would say that this checksum test should come first, because that takes priority since you could be testing the ACK bit of a corrupted packet. Better to get the statistic bump on the bad checksum then a silent drop on the ACK being cleared. > @@ -5984,11 +5987,15 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, > if (tcp_check_req(sk, skb, req, NULL, true) == NULL) > goto discard; > } > + > + if (!th->ack) > + goto discard; > + And that is effectively what is going to happen in this case since the caller has already done the checksum checks. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists