Re: [SECURITY] CERT/CC VU#464113, SYN plus RST/FIN
Alex Riesen (Alexander.Riesen@synopsys.com)
Fri, 25 Oct 2002 12:13:11 +0200
On Fri, Oct 25, 2002 at 11:00:43AM +0200, Florian Weimer wrote:
> This patch prevents SYN+RST and SYN+FIN segments which arrive in the
> LISTEN state from initiating a three-way handshake.
> 
> I'm not sure if it is correct, but it's better than nothing (so far, I
> haven't seen any patch for this issue).
> 
> --- tcp_input.c	2002/10/25 08:45:20	1.1
> +++ tcp_input.c	2002/10/25 08:49:21
> @@ -3668,6 +3668,8 @@
>  	case TCP_LISTEN:
>  		if(th->ack)
>  			return 1;
> +		if(th->rst || th->fin)
> +			goto discard;
>  
>  		if(th->syn) {
>  			if(tp->af_specific->conn_request(sk, skb) < 0)
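Review bot: the new test `if(th->rst || th->fin)` in `case TCP_LISTEN:` sits before `if(th->syn)`, so it sends every RST or FIN segment to `discard`, not only the SYN+RST and SYN+FIN combinations the description names. If the intent is limited to those combinations, move the test inside the `if(th->syn)` branch ahead of the `conn_request()` call, or write it as `th->syn && (th->rst || th->fin)`. If dropping all RST/FIN segments in LISTEN is intended, say so in the description and confirm that the path non-SYN segments take today (not visible in this hunk) is unchanged by jumping to `discard` early. A one-line comment above the test naming VU#464113 would also explain why the flags are checked here.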
> 
You mean to place the check below "if(th->syn)", don't you?
-alex