Fix a bug introduced with r182851 splitting tcp_mss() into

tcp_mss() and tcp_mss_update() so that tcp_mtudisc() could re-use the same code. In case we return early and got a metricptr to pass the hostcache info back to the caller we need to initialize the data to a defined state (zero it) as tcp_hc_get() would do if there was no hit. Without that the caller would check on random stack garbage which could lead to undefined results. This only affected tcp_mss() if there was no routing entry for the peer, tcp_mtudisc() was not affected. MFC after: 2 months (along with r182851)
svn path=/head/; revision=184720
2008-11-06 12:33:33 +00:00 · 2008-11-06 12:33:33 +00:00 · 6f01cac68a · 2020-12-20 02:59:44 +00:00
commit 6f01cac68a
parent c3c1513719
1 changed files with 9 additions and 1 deletions
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@ -2847,8 +2847,16 @@ tcp_mss_update(struct tcpcb *tp, int offer, struct hc_metrics_lite *metricptr)
 	/*
 	 * No route to sender, stay with default mss and return.
 	 */
-	if (maxmtu == 0)
+	if (maxmtu == 0) {
+		/*
+		 * In case we return early we need to intialize metrics
+		 * to a defined state as tcp_hc_get() would do for us
+		 * if there was no cache hit.
+		 */
+		if (metricptr != NULL)
+			bzero(metricptr, sizeof(struct hc_metrics_lite));
 		return;
+	}

 	/* Check the interface for TSO capabilities. */
 	if (mtuflags & CSUM_TSO)