[PATCH 1/1] UBUNTU: SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

Fri Sep 14 18:50:23 UTC 2018

The backport of upstream commit 3d4bf93ac120 ("tcp: detect malicious
patterns in tcp_collapse_ofo_queue()") didn't increase the
range_truesize value in some situations.

CVE-2018-5390

Fixes: 8a668da92a76 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()")
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 net/ipv4/tcp_input.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index ab79331a510e..4d5c79f40aac 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4638,6 +4638,7 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
 			end = TCP_SKB_CB(skb)->end_seq;
 			range_truesize += skb->truesize;
 		} else {
+			range_truesize += skb->truesize;
 			if (before(TCP_SKB_CB(skb)->seq, start))
 				start = TCP_SKB_CB(skb)->seq;
 			if (after(TCP_SKB_CB(skb)->end_seq, end))
-- 
2.7.4



