linux/net
Eric Dumazet c3ae62af8e tcp: should drop incoming frames without ACK flag set
In commit 96e0bf4b51 (tcp: Discard segments that ack data not yet
sent) John Dykstra enforced a check against ack sequences.

In commit 354e4aa391 (tcp: RFC 5961 5.2 Blind Data Injection Attack
Mitigation) I added more safety tests.

But we missed the fact that these tests are not performed if ACK bit is
not set.

RFC 793 3.9 mandates TCP should drop a frame without ACK flag set.

" fifth check the ACK field,
      if the ACK bit is off drop the segment and return"

Not doing so permits an attacker to only guess an acceptable sequence
number, evading stronger checks.

Many thanks to Zhiyun Qian for bringing this issue to our attention.

See:
http://web.eecs.umich.edu/~zhiyunq/pub/ccs12_TCP_sequence_number_inference.pdf

Reported-by: Zhiyun Qian <zhiyunq@umich.edu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Nandita Dukkipati <nanditad@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: John Dykstra <john.dykstra1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-12-26 15:08:55 -08:00
9p virtio: 9p: correctly pass physical address to userspace for high pages 2012-10-22 18:19:36 +10:30
802
8021q 8021q: fix vlan device to inherit the unicast filtering capability flag 2012-11-30 12:07:27 -05:00
appletalk
atm atm: use scnprintf() instead of sprintf() 2012-12-17 20:50:51 -08:00
ax25
batman-adv batman-adv: fix random jitter calculation 2012-12-26 14:13:23 -08:00
bluetooth Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2012-12-13 12:00:48 -08:00
bridge bridge: call br_netpoll_disable in br_add_if 2012-12-21 13:17:07 -08:00
caif caif_usb: Make the driver name check more efficient 2012-12-09 00:34:02 -05:00
can Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-12-20 14:00:13 -08:00
core CONFIG_HOTPLUG removal from networking core 2012-12-22 00:03:00 -08:00
dcb net: Allow DCBnl to use other namespaces besides init_net 2012-12-10 14:09:01 -05:00
dccp inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock 2012-12-14 13:14:07 -05:00
decnet net: Push capable(CAP_NET_ADMIN) into the rtnl methods 2012-11-18 20:32:44 -05:00
dns_resolver Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-12-16 15:40:50 -08:00
dsa dsa: Hide core config options; make drivers select what they need 2012-11-26 17:10:44 -05:00
ethernet
ieee802154 6lowpan: consider checksum bytes in fragmentation threshold 2012-11-30 12:19:24 -05:00
ipv4 tcp: should drop incoming frames without ACK flag set 2012-12-26 15:08:55 -08:00
ipv6 ipv6: addrconf.c: remove unnecessary "if" 2012-12-19 12:50:06 -08:00
ipx
irda TTY/Serial merge for 3.8-rc1 2012-12-11 14:08:47 -08:00
iucv
key net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm 2012-11-18 20:32:45 -05:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-11-10 18:32:51 -05:00
lapb
llc net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm 2012-11-18 20:32:45 -05:00
mac80211 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
mac802154 mac802154: fix destructon ordering for ieee802154 devices 2012-12-14 13:14:07 -05:00
netfilter Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
netlabel Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-10-02 13:38:27 -07:00
netlink netlink: validate addr_len on bind 2012-12-17 20:50:51 -08:00
netrom
nfc nfc: remove noisy message from llcp_sock_sendmsg 2012-12-13 12:58:10 -05:00
openvswitch openvswitch: Use RCU callback when detaching netdevices. 2012-11-28 14:04:34 -08:00
packet net: Allow userns root to control llc, netfilter, netlink, packet, and xfrm 2012-11-18 20:32:45 -05:00
phonet net: Push capable(CAP_NET_ADMIN) into the rtnl methods 2012-11-18 20:32:44 -05:00
rds net: rds: use this_cpu_* per-cpu helper 2012-11-19 18:59:44 -05:00
rfkill Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
rose
rxrpc Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux 2012-10-14 13:39:34 -07:00
sched net: sched: integer overflow fix 2012-12-22 00:03:00 -08:00
sctp sctp: jsctp_sf_eat_sack: fix jprobes function signature mismatch 2012-12-15 17:14:39 -08:00
sunrpc Merge branch 'for-3.8' of git://linux-nfs.org/~bfields/linux 2012-12-20 14:04:11 -08:00
tipc tipc: refactor accept() code for improved readability 2012-12-07 17:23:24 -05:00
unix net: Don't export sysctls to unprivileged users 2012-11-18 20:30:55 -05:00
wanrouter
wimax
wireless CONFIG_HOTPLUG removal from networking core 2012-12-22 00:03:00 -08:00
x25
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2012-11-22 15:25:55 -05:00
compat.c
Kconfig
Makefile ipv6: Preserve ipv6 functionality needed by NET 2012-11-18 02:34:00 -05:00
nonet.c
socket.c cgroup: net_cls: Rework update socket logic 2012-10-26 03:40:51 -04:00
sysctl_net.c user_ns: get rid of duplicate code in net_ctl_permissions 2012-11-18 20:32:45 -05:00