ACK: [PATCH v2 1/1] UBUNTU: SAUCE: tcp: Correct the backport of the CVE-2018-5390 fix
Stefan Bader
stefan.bader at canonical.com
Mon Sep 17 11:33:28 UTC 2018
On 14.09.2018 22:47, Tyler Hicks wrote:
> The backport of upstream commit 3d4bf93ac120 ("tcp: detect malicious
> patterns in tcp_collapse_ofo_queue()") didn't correctly reset
> range_truesize when moving on to a new range and didn't increase
> range_truesize when operating within a range.
>
> CVE-2018-5390
>
> Fixes: 8a668da92a76 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()")
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> ---
Looks like the version I ended up with for Xenial.
-Stefan
> net/ipv4/tcp_input.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
> index ab79331a510e..e9cb861e7289 100644
> --- a/net/ipv4/tcp_input.c
> +++ b/net/ipv4/tcp_input.c
> @@ -4636,8 +4636,9 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
> /* Start new segment */
> start = TCP_SKB_CB(skb)->seq;
> end = TCP_SKB_CB(skb)->end_seq;
> - range_truesize += skb->truesize;
> + range_truesize = skb->truesize;
> } else {
> + range_truesize += skb->truesize;
> if (before(TCP_SKB_CB(skb)->seq, start))
> start = TCP_SKB_CB(skb)->seq;
> if (after(TCP_SKB_CB(skb)->end_seq, end))
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180917/ffd28f3b/attachment.sig>
More information about the kernel-team
mailing list