Author: tuexen
Date: Fri Nov 20 13:00:28 2020
New Revision: 367891
URL: https://svnweb.freebsd.org/changeset/base/367891

Log:
  Fix an issue I introduced in r367530: tcp_twcheck() can be called
  with to == NULL for SYN segments. So don't assume tp != NULL.
  Thanks to jhb@ for reporting and suggesting a fix.
  
  PR:                   250499
  MFC after:            1 week
  XMFC-with:            r367530
  Sponsored by:         Netflix, Inc.

Modified:
  head/sys/netinet/tcp_timewait.c

Modified: head/sys/netinet/tcp_timewait.c
==============================================================================
--- head/sys/netinet/tcp_timewait.c     Fri Nov 20 12:31:02 2020        (r367890)
+++ head/sys/netinet/tcp_timewait.c     Fri Nov 20 13:00:28 2020        (r367891)
@@ -374,6 +374,7 @@ tcp_twstart(struct tcpcb *tp)
 /*
  * Returns 1 if the TIME_WAIT state was killed and we should start over,
  * looking for a pcb in the listen state.  Returns 0 otherwise.
+ * It be called with to == NULL only for pure SYN-segments.
  */
 int
 tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th,
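Review bot: The added sentence in the header comment is missing a verb ("It be called") and leaves "pure SYN-segments" undefined, although the KASSERT added further down defines it precisely as SYN set with ACK clear. Since this comment is the only statement of the caller contract for `to`, I would write it as `* It may be called with to == NULL only for pure SYN segments (SYN set, ACK clear).`. The body of tcp_twcheck lies outside this hunk.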
@@ -397,6 +398,8 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, stru
                goto drop;
 
        thflags = th->th_flags;
+       KASSERT(to != NULL || (thflags & (TH_SYN | TH_ACK)) == TH_SYN,
+               ("tcp_twcheck: called without options on a non-SYN segment"));
 
        /*
         * NOTE: for FIN_WAIT_2 (to be added later),
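Review bot: The KASSERT message says "non-SYN segment", but the condition `(thflags & (TH_SYN | TH_ACK)) == TH_SYN` also fires for a SYN|ACK segment arriving with to == NULL, so the text can mislead whoever reads the panic string. A message that matches the predicate would be `("tcp_twcheck: to == NULL for a segment that is not a pure SYN")`. The rest of the function lies outside this hunk.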
@@ -411,16 +414,6 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, stru
        if (thflags & TH_RST)
                goto drop;
 
-       /*
-        * If timestamps were negotiated during SYN/ACK and a
-        * segment without a timestamp is received, silently drop
-        * the segment.
-        * See section 3.2 of RFC 7323.
-        */
-       if (((to->to_flags & TOF_TS) == 0) && (tw->t_recent != 0)) {
-               goto drop;
-       }
-
 #if 0
 /* PAWS not needed at the moment */
        /*
@@ -454,6 +447,16 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, stru
         */
        if ((thflags & TH_ACK) == 0)
                goto drop;
+
+       /*
+        * If timestamps were negotiated during SYN/ACK and a
+        * segment without a timestamp is received, silently drop
+        * the segment.
+        * See section 3.2 of RFC 7323.
+        */
+       if (((to->to_flags & TOF_TS) == 0) && (tw->t_recent != 0)) {
+               goto drop;
+       }
 
        /*
         * Reset the 2MSL timer if this is a duplicate FIN.
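Review bot: The relocated `to->to_flags` test is safe against to == NULL only because it now sits after the `(thflags & TH_ACK) == 0` drop, and nothing at this location records that dependency. KASSERT is compiled out of kernels built without INVARIANTS, so on production kernels this statement ordering is the only thing keeping a NULL options pointer from being dereferenced on the segment input path. I would add a line to the block comment such as `* to is non-NULL here: it may be NULL only for pure SYNs, which never pass the ACK check above.`, so that a later reorder does not reintroduce the NULL dereference this commit fixes. The function starts and ends outside this hunk, so the code between the KASSERT and this block is not visible here.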