diff options
| author | Eric Dumazet <edumazet@google.com> | 2012-11-13 05:37:18 +0000 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-01-11 09:03:48 -0800 |
| commit | ffd34fcbce326a88668075b9e5480cb301ac6a78 (patch) | |
| tree | a6828391b644055ea5cfcb0c1959d2b17c7dc0c7 /net/sunrpc/auth_gss | |
| parent | 282190eab6442da4789ae3c3037c7b19d65eaf52 (diff) | |
| download | kernel_samsung_espresso10-ffd34fcbce326a88668075b9e5480cb301ac6a78.zip kernel_samsung_espresso10-ffd34fcbce326a88668075b9e5480cb301ac6a78.tar.gz kernel_samsung_espresso10-ffd34fcbce326a88668075b9e5480cb301ac6a78.tar.bz2 | |
tcp: tcp_replace_ts_recent() should not be called from tcp_validate_incoming()
[ Upstream commit bd090dfc634ddd711a5fbd0cadc6e0ab4977bcaf ]
We added support for RFC 5961 in latest kernels but TCP fails
to perform exhaustive check of ACK sequence.
We can update our view of peer tsval from a frame that is
later discarded by tcp_ack()
This makes timestamps enabled sessions vulnerable to injection of
a high tsval : peers start an ACK storm, since the victim
sends a dupack each time it receives an ACK from the other peer.
As tcp_validate_incoming() is called before tcp_ack(), we should
not peform tcp_replace_ts_recent() from it, and let callers do it
at the right time.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Nandita Dukkipati <nanditad@google.com>
Cc: H.K. Jerry Chu <hkchu@google.com>
Cc: Romain Francoise <romain@orebokech.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/sunrpc/auth_gss')
0 files changed, 0 insertions, 0 deletions