Author: delphij
Date: Tue Sep 16 09:50:19 2014
New Revision: 271669
URL: http://svnweb.freebsd.org/changeset/base/271669

Log:
  Fix Denial of Service in TCP packet processing.
  
  Security:     FreeBSD-SA-14:19.tcp
  Approved by:  so

Modified:
  releng/10.0/UPDATING
  releng/10.0/sys/conf/newvers.sh
  releng/10.0/sys/netinet/tcp_input.c
  releng/8.4/UPDATING
  releng/8.4/sys/conf/newvers.sh
  releng/8.4/sys/netinet/tcp_input.c
  releng/9.1/UPDATING
  releng/9.1/sys/conf/newvers.sh
  releng/9.1/sys/netinet/tcp_input.c
  releng/9.2/UPDATING
  releng/9.2/sys/conf/newvers.sh
  releng/9.2/sys/netinet/tcp_input.c
  releng/9.3/UPDATING
  releng/9.3/sys/conf/newvers.sh
  releng/9.3/sys/netinet/tcp_input.c

Modified: releng/10.0/UPDATING
==============================================================================
--- releng/10.0/UPDATING        Tue Sep 16 09:49:11 2014        (r271668)
+++ releng/10.0/UPDATING        Tue Sep 16 09:50:19 2014        (r271669)
@@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20140916:      p9      FreeBSD-SA-14:19.tcp
+       Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:      p8      FreeBSD-SA-14:18.openssl
        Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/10.0/sys/conf/newvers.sh
==============================================================================
--- releng/10.0/sys/conf/newvers.sh     Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/10.0/sys/conf/newvers.sh     Tue Sep 16 09:50:19 2014        
(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="10.0"
-BRANCH="RELEASE-p8"
+BRANCH="RELEASE-p9"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/10.0/sys/netinet/tcp_input.c
==============================================================================
--- releng/10.0/sys/netinet/tcp_input.c Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/10.0/sys/netinet/tcp_input.c Tue Sep 16 09:50:19 2014        
(r271669)
@@ -2202,11 +2202,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
        todrop = tp->rcv_nxt - th->th_seq;
        if (todrop > 0) {
-               /*
-                * If this is a duplicate SYN for our current connection,
-                * advance over it and pretend and it's not a SYN.
-                */
-               if (thflags & TH_SYN && th->th_seq == tp->irs) {
+               if (thflags & TH_SYN) {
                        thflags &= ~TH_SYN;
                        th->th_seq++;
                        if (th->th_urp > 1)

Modified: releng/8.4/UPDATING
==============================================================================
--- releng/8.4/UPDATING Tue Sep 16 09:49:11 2014        (r271668)
+++ releng/8.4/UPDATING Tue Sep 16 09:50:19 2014        (r271669)
@@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
        debugging tools present in HEAD were left in place because
        sun4v support still needs work to become production ready.
 
+20140916:      p16     FreeBSD-SA-14:19.tcp
+       Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:      p15     FreeBSD-SA-14:18.openssl
        Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/8.4/sys/conf/newvers.sh
==============================================================================
--- releng/8.4/sys/conf/newvers.sh      Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/8.4/sys/conf/newvers.sh      Tue Sep 16 09:50:19 2014        
(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="8.4"
-BRANCH="RELEASE-p15"
+BRANCH="RELEASE-p16"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/8.4/sys/netinet/tcp_input.c
==============================================================================
--- releng/8.4/sys/netinet/tcp_input.c  Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/8.4/sys/netinet/tcp_input.c  Tue Sep 16 09:50:19 2014        
(r271669)
@@ -2092,11 +2092,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
        todrop = tp->rcv_nxt - th->th_seq;
        if (todrop > 0) {
-               /*
-                * If this is a duplicate SYN for our current connection,
-                * advance over it and pretend and it's not a SYN.
-                */
-               if (thflags & TH_SYN && th->th_seq == tp->irs) {
+               if (thflags & TH_SYN) {
                        thflags &= ~TH_SYN;
                        th->th_seq++;
                        if (th->th_urp > 1)

Modified: releng/9.1/UPDATING
==============================================================================
--- releng/9.1/UPDATING Tue Sep 16 09:49:11 2014        (r271668)
+++ releng/9.1/UPDATING Tue Sep 16 09:50:19 2014        (r271669)
@@ -9,6 +9,9 @@ handbook.
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20140916:      p19     FreeBSD-SA-14:19.tcp
+       Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:      p18     FreeBSD-SA-14:18.openssl
        Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/9.1/sys/conf/newvers.sh
==============================================================================
--- releng/9.1/sys/conf/newvers.sh      Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/9.1/sys/conf/newvers.sh      Tue Sep 16 09:50:19 2014        
(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.1"
-BRANCH="RELEASE-p18"
+BRANCH="RELEASE-p19"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/9.1/sys/netinet/tcp_input.c
==============================================================================
--- releng/9.1/sys/netinet/tcp_input.c  Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/9.1/sys/netinet/tcp_input.c  Tue Sep 16 09:50:19 2014        
(r271669)
@@ -2161,11 +2161,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
        todrop = tp->rcv_nxt - th->th_seq;
        if (todrop > 0) {
-               /*
-                * If this is a duplicate SYN for our current connection,
-                * advance over it and pretend and it's not a SYN.
-                */
-               if (thflags & TH_SYN && th->th_seq == tp->irs) {
+               if (thflags & TH_SYN) {
                        thflags &= ~TH_SYN;
                        th->th_seq++;
                        if (th->th_urp > 1)

Modified: releng/9.2/UPDATING
==============================================================================
--- releng/9.2/UPDATING Tue Sep 16 09:49:11 2014        (r271668)
+++ releng/9.2/UPDATING Tue Sep 16 09:50:19 2014        (r271669)
@@ -11,6 +11,9 @@ handbook:
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20140916:      p12     FreeBSD-SA-14:19.tcp
+       Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:      p11     FreeBSD-SA-14:18.openssl
        Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/9.2/sys/conf/newvers.sh
==============================================================================
--- releng/9.2/sys/conf/newvers.sh      Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/9.2/sys/conf/newvers.sh      Tue Sep 16 09:50:19 2014        
(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.2"
-BRANCH="RELEASE-p11"
+BRANCH="RELEASE-p12"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/9.2/sys/netinet/tcp_input.c
==============================================================================
--- releng/9.2/sys/netinet/tcp_input.c  Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/9.2/sys/netinet/tcp_input.c  Tue Sep 16 09:50:19 2014        
(r271669)
@@ -2181,11 +2181,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
        todrop = tp->rcv_nxt - th->th_seq;
        if (todrop > 0) {
-               /*
-                * If this is a duplicate SYN for our current connection,
-                * advance over it and pretend and it's not a SYN.
-                */
-               if (thflags & TH_SYN && th->th_seq == tp->irs) {
+               if (thflags & TH_SYN) {
                        thflags &= ~TH_SYN;
                        th->th_seq++;
                        if (th->th_urp > 1)

Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING Tue Sep 16 09:49:11 2014        (r271668)
+++ releng/9.3/UPDATING Tue Sep 16 09:50:19 2014        (r271669)
@@ -11,6 +11,9 @@ handbook:
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20140916:      p2      FreeBSD-SA-14:19.tcp
+       Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:      p1      FreeBSD-SA-14:18.openssl
        Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/9.3/sys/conf/newvers.sh
==============================================================================
--- releng/9.3/sys/conf/newvers.sh      Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/9.3/sys/conf/newvers.sh      Tue Sep 16 09:50:19 2014        
(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.3"
-BRANCH="RELEASE-p1"
+BRANCH="RELEASE-p2"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/9.3/sys/netinet/tcp_input.c
==============================================================================
--- releng/9.3/sys/netinet/tcp_input.c  Tue Sep 16 09:49:11 2014        
(r271668)
+++ releng/9.3/sys/netinet/tcp_input.c  Tue Sep 16 09:50:19 2014        
(r271669)
@@ -2181,11 +2181,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
        todrop = tp->rcv_nxt - th->th_seq;
        if (todrop > 0) {
-               /*
-                * If this is a duplicate SYN for our current connection,
-                * advance over it and pretend and it's not a SYN.
-                */
-               if (thflags & TH_SYN && th->th_seq == tp->irs) {
+               if (thflags & TH_SYN) {
                        thflags &= ~TH_SYN;
                        th->th_seq++;
                        if (th->th_urp > 1)
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to