[PATCH 1/1] UBUNTU: SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix
Tyler Hicks
tyhicks at canonical.com
Fri Sep 14 19:44:24 UTC 2018
Hold off on applying this change. There's still a discrepancy (+= vs =
for the existing range_truesize assignment) between the 4.14.y stable
branch and what this patch does.
Tyler
On 2018-09-14 18:50:23, Tyler Hicks wrote:
> The backport of upstream commit 3d4bf93ac120 ("tcp: detect malicious
> patterns in tcp_collapse_ofo_queue()") didn't increase the
> range_truesize value in some situations.
>
> CVE-2018-5390
>
> Fixes: 8a668da92a76 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()")
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> ---
> net/ipv4/tcp_input.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
> index ab79331a510e..4d5c79f40aac 100644
> --- a/net/ipv4/tcp_input.c
> +++ b/net/ipv4/tcp_input.c
> @@ -4638,6 +4638,7 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
> end = TCP_SKB_CB(skb)->end_seq;
> range_truesize += skb->truesize;
> } else {
> + range_truesize += skb->truesize;
> if (before(TCP_SKB_CB(skb)->seq, start))
> start = TCP_SKB_CB(skb)->seq;
> if (after(TCP_SKB_CB(skb)->end_seq, end))
> --
> 2.7.4
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180914/c4b960e3/attachment.sig>
More information about the kernel-team
mailing list