Re: [SECURITY] CERT/CC VU#464113, SYN plus RST/FIN

From: Alex Riesen (Alexander.Riesen@synopsys.com)
Date: Fri Oct 25 2002 - 05:13:11 EST


On Fri, Oct 25, 2002 at 11:00:43AM +0200, Florian Weimer wrote:
> This patch prevents SYN+RST and SYN+FIN segments which arrive in the
> LISTEN state from initiating a three-way handshake.
>
> I'm not sure if it is correct, but it's better than nothing (so far, I
> haven't seen any patch for this issue).
>
> --- tcp_input.c 2002/10/25 08:45:20 1.1
> +++ tcp_input.c 2002/10/25 08:49:21
> @@ -3668,6 +3668,8 @@
> case TCP_LISTEN:
> if(th->ack)
> return 1;
> + if(th->rst || th->fin)
> + goto discard;
>
> if(th->syn) {
> if(tp->af_specific->conn_request(sk, skb) < 0)
>
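Review bot: the new `if(th->rst || th->fin)` test sits above `if(th->syn)`, so it discards every segment carrying RST or FIN that reaches the TCP_LISTEN case, not only the SYN+RST and SYN+FIN combinations the description names. If only those combinations are meant, move the test inside the `if(th->syn)` branch, ahead of the `conn_request()` call; if the broader discard is intended, say so in the description. Either way, a one-line comment at the check stating why these flag combinations are dropped in LISTEN would help later readers.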

You mean to place the check below "if(th->syn)", don't you?

-alex