GitHub Repository: freebsd/freebsd-doc
Path: blob/main/website/static/security/patches/EN-08:02/tcp.patch
1
Index: sys/netinet/tcp.h
2
===================================================================
3
RCS file: /home/ncvs/src/sys/netinet/tcp.h,v
4
retrieving revision 1.40
5
diff -p -u -I__FBSDID -I$FreeBSD -r1.40 tcp.h
6
--- sys/netinet/tcp.h 25 May 2007 21:28:49 -0000 1.40
7
+++ sys/netinet/tcp.h 18 Jun 2008 05:36:20 -0000
8
@@ -78,6 +78,8 @@ struct tcphdr {
9
10
#define TCPOPT_EOL 0
11
#define TCPOLEN_EOL 1
12
+#define TCPOPT_PAD 0 /* padding after EOL */
13
+#define TCPOLEN_PAD 1
14
#define TCPOPT_NOP 1
15
#define TCPOLEN_NOP 1
16
#define TCPOPT_MAXSEG 2
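Review bot: `TCPOPT_PAD` is defined with the same value as `TCPOPT_EOL` (0), and the comment `/* padding after EOL */` does not say that it is a filler byte rather than a distinct option kind. A later reader could use it as a `case` label beside `TCPOPT_EOL` in an option parser, which would be a duplicate case value, or assume a receiver can tell padding from EOL. I would expand the comment to something like `/* zero filler after EOL (RFC 793); not an option kind, same value as TCPOPT_EOL */`. The rest of the option list lies outside this hunk.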
17
Index: sys/netinet/tcp_output.c
18
===================================================================
19
RCS file: /home/ncvs/src/sys/netinet/tcp_output.c,v
20
retrieving revision 1.141.2.3
21
diff -p -u -I__FBSDID -I$FreeBSD -r1.141.2.3 tcp_output.c
22
--- sys/netinet/tcp_output.c 5 Dec 2007 10:37:17 -0000 1.141.2.3
23
+++ sys/netinet/tcp_output.c 18 Jun 2008 05:36:21 -0000
24
@@ -1280,12 +1280,16 @@ tcp_addoptions(struct tcpopt *to, u_char
25
for (mask = 1; mask < TOF_MAXOPT; mask <<= 1) {
26
if ((to->to_flags & mask) != mask)
27
continue;
28
+ if (optlen == TCP_MAXOLEN)
29
+ break;
30
switch (to->to_flags & mask) {
31
case TOF_MSS:
32
while (optlen % 4) {
33
optlen += TCPOLEN_NOP;
34
*optp++ = TCPOPT_NOP;
35
}
36
+ if (TCP_MAXOLEN - optlen < TCPOLEN_MAXSEG)
37
+ continue;
38
optlen += TCPOLEN_MAXSEG;
39
*optp++ = TCPOPT_MAXSEG;
40
*optp++ = TCPOLEN_MAXSEG;
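Review bot: The added `if (optlen == TCP_MAXOLEN) break;` at the top of the loop stops only when the buffer is exactly full, yet it is the sole guard in front of the `while (optlen % 4)` NOP loop, which stores through `optp` before the per-option space check runs. If any case not shown in this patch lets `optlen` pass `TCP_MAXOLEN`, the equality test no longer fires and writing continues, so `if (optlen >= TCP_MAXOLEN) break;` would be the more defensive form. The same pad-then-check order is used in the `TOF_MSS` case here and in the following hunks that add the `TCPOLEN_WINDOW`, `TCPOLEN_SACK_PERMITTED` and `TCPOLEN_TIMESTAMP` checks. When a check fails, the NOPs already written stay in the buffer and the option is dropped with no signal to the caller, which deserves a one-line comment such as `/* no room: skip this option, alignment NOPs stay */`. tcp_addoptions() begins and ends outside this hunk, so the type of `optlen` and the remaining cases cannot be confirmed from here.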
41
@@ -1298,6 +1302,8 @@ tcp_addoptions(struct tcpopt *to, u_char
42
optlen += TCPOLEN_NOP;
43
*optp++ = TCPOPT_NOP;
44
}
45
+ if (TCP_MAXOLEN - optlen < TCPOLEN_WINDOW)
46
+ continue;
47
optlen += TCPOLEN_WINDOW;
48
*optp++ = TCPOPT_WINDOW;
49
*optp++ = TCPOLEN_WINDOW;
50
@@ -1308,6 +1314,8 @@ tcp_addoptions(struct tcpopt *to, u_char
51
optlen += TCPOLEN_NOP;
52
*optp++ = TCPOPT_NOP;
53
}
54
+ if (TCP_MAXOLEN - optlen < TCPOLEN_SACK_PERMITTED)
55
+ continue;
56
optlen += TCPOLEN_SACK_PERMITTED;
57
*optp++ = TCPOPT_SACK_PERMITTED;
58
*optp++ = TCPOLEN_SACK_PERMITTED;
59
@@ -1317,6 +1325,8 @@ tcp_addoptions(struct tcpopt *to, u_char
60
optlen += TCPOLEN_NOP;
61
*optp++ = TCPOPT_NOP;
62
}
63
+ if (TCP_MAXOLEN - optlen < TCPOLEN_TIMESTAMP)
64
+ continue;
65
optlen += TCPOLEN_TIMESTAMP;
66
*optp++ = TCPOPT_TIMESTAMP;
67
*optp++ = TCPOLEN_TIMESTAMP;
68
@@ -1355,7 +1365,7 @@ tcp_addoptions(struct tcpopt *to, u_char
69
optlen += TCPOLEN_NOP;
70
*optp++ = TCPOPT_NOP;
71
}
72
- if (TCP_MAXOLEN - optlen < 2 + TCPOLEN_SACK)
73
+ if (TCP_MAXOLEN - optlen < TCPOLEN_SACKHDR + TCPOLEN_SACK)
74
continue;
75
optlen += TCPOLEN_SACKHDR;
76
*optp++ = TCPOPT_SACK;
77
@@ -1386,9 +1396,15 @@ tcp_addoptions(struct tcpopt *to, u_char
78
optlen += TCPOLEN_EOL;
79
*optp++ = TCPOPT_EOL;
80
}
81
+ /*
82
+ * According to RFC 793 (STD0007):
83
+ * "The content of the header beyond the End-of-Option option
84
+ * must be header padding (i.e., zero)."
85
+ * and later: "The padding is composed of zeros."
86
+ */
87
while (optlen % 4) {
88
- optlen += TCPOLEN_NOP;
89
- *optp++ = TCPOPT_NOP;
90
+ optlen += TCPOLEN_PAD;
91
+ *optp++ = TCPOPT_PAD;
92
}
93
94
KASSERT(optlen <= TCP_MAXOLEN, ("%s: TCP options too long", __func__));
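Review bot: The `KASSERT(optlen <= TCP_MAXOLEN, ...)` after the new zero-padding loop tests the length only once every byte has been stored through `optp`, and KASSERT is compiled in only on INVARIANTS kernels, so on a production kernel nothing at this point bounds the pad loop. The loop is safe as long as `optlen` is at most `TCP_MAXOLEN` on entry and `TCP_MAXOLEN` is a multiple of four. The new comment quotes RFC 793 for the pad value but does not record that invariant. I would add a line to it such as `* optlen <= TCP_MAXOLEN here and TCP_MAXOLEN % 4 == 0, so the padding cannot overrun.` The EOL branch above the comment opens outside the hunk, so whether room for the EOL byte itself is checked cannot be seen here.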
95
96