NAK: [PATCH 1/1] UBUNTU: SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix

[Tyler Hicks]

On 2018-09-14 14:44:24, Tyler Hicks wrote:
> Hold off on applying this change. There's still a discrepancy (+= vs =
> for the existing range_truesize assignment) between the 4.14.y stable
> branch and what this patch does.

Yeah, I need one other change to correct the backport. I'll send out the
corrected patch in a v2.

Tyler

> 
> Tyler
> 
> On 2018-09-14 18:50:23, Tyler Hicks wrote:
> > The backport of upstream commit 3d4bf93ac120 ("tcp: detect malicious
> > patterns in tcp_collapse_ofo_queue()") didn't increase the
> > range_truesize value in some situations.
> > 
> > CVE-2018-5390
> > 
> > Fixes: 8a668da92a76 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()")
> > Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> > ---
> >  net/ipv4/tcp_input.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
> > index ab79331a510e..4d5c79f40aac 100644
> > --- a/net/ipv4/tcp_input.c
> > +++ b/net/ipv4/tcp_input.c
> > @@ -4638,6 +4638,7 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
> >  			end = TCP_SKB_CB(skb)->end_seq;
> >  			range_truesize += skb->truesize;
> >  		} else {
> > +			range_truesize += skb->truesize;
> >  			if (before(TCP_SKB_CB(skb)->seq, start))
> >  				start = TCP_SKB_CB(skb)->seq;
> >  			if (after(TCP_SKB_CB(skb)->end_seq, end))
> > -- 
> > 2.7.4
> > 
> > 
> > -- 
> > kernel-team mailing list
> > kernel-team at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team



> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180914/bb59a612/attachment.sig>