Ensure net.inet.tcp.syncache.rexmtlimit is limited by TCP_MAXRXTSHIFT.

If the sysctl variable is set to a value larger than TCP_MAXRXTSHIFT+1,
the array tcp_syn_backoff[] is accessed out of bounds.

Discussed with: jtl@
MFC after:	3 days
Sponsored by:	Netflix, Inc.
Michael Tuexen 2018-06-01 19:58:19 +00:00
parent 1d01804309
commit badef00d58
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=334494


@ -183,8 +183,27 @@ SYSCTL_UINT(_net_inet_tcp_syncache, OID_AUTO, hashsize, CTLFLAG_VNET | CTLFLAG_R
&VNET_NAME(tcp_syncache.hashsize), 0,
"Size of TCP syncache hashtable");
SYSCTL_UINT(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit, CTLFLAG_VNET | CTLFLAG_RW,
static int
sysctl_net_inet_tcp_syncache_rexmtlimit_check(SYSCTL_HANDLER_ARGS)
{
int error;
u_int new;
new = V_tcp_syncache.rexmt_limit;
error = sysctl_handle_int(oidp, &new, 0, req);
if ((error == 0) && (req->newptr != NULL)) {
if (new > TCP_MAXRXTSHIFT)
error = EINVAL;
else
V_tcp_syncache.rexmt_limit = new;
}
return (error);
}
SYSCTL_PROC(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit,
CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
&VNET_NAME(tcp_syncache.rexmt_limit), 0,
sysctl_net_inet_tcp_syncache_rexmtlimit_check, "UI",
"Limit on SYN/ACK retransmissions");
VNET_DEFINE(int, tcp_sc_rst_sock_fail) = 1;
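Review bot: The new handler never uses the `arg1`/`arg2` that `SYSCTL_PROC` passes it (`&VNET_NAME(tcp_syncache.rexmt_limit), 0`); it reads and writes `V_tcp_syncache.rexmt_limit` directly, so the pointer argument in the `SYSCTL_PROC` declaration is dead and can silently drift from what the handler actually guards. Either pass `NULL, 0` there, or have the handler go through `arg1` so the declaration and the check name the same object. The bound itself deserves a one-line comment above the `new > TCP_MAXRXTSHIFT` test, since the reason is only in the commit message: `/* Values above TCP_MAXRXTSHIFT would index past the end of tcp_syn_backoff[] (see commit message); reject rather than clamp. */` — the exact array length is not visible in this hunk, so confirm it against the definition before wording the comment as a hard fact. Note also that the old `SYSCTL_UINT(...)` line survives at the top of the hunk with its continuation lines apparently collapsed by the rendering, so the removed side cannot be fully reconstructed from this view.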