* [SECURITY] CERT/CC VU#464113, SYN plus RST/FIN
From: Florian Weimer @ 2002-10-25  9:00 UTC (permalink / raw)
  To: linux-kernel

This patch prevents SYN+RST and SYN+FIN segments which arrive in the
LISTEN state from initiating a three-way handshake.

I'm not sure if it is correct, but it's better than nothing (so far, I
haven't seen any patch for this issue).

--- tcp_input.c	2002/10/25 08:45:20	1.1
+++ tcp_input.c	2002/10/25 08:49:21
@@ -3668,6 +3668,8 @@
 	case TCP_LISTEN:
 		if(th->ack)
 			return 1;
+		if(th->rst || th->fin)
+			goto discard;
 
 		if(th->syn) {
 			if(tp->af_specific->conn_request(sk, skb) < 0)
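
Review bot: the added test `if(th->rst || th->fin)` ties two different cases to one condition and carries no comment saying why either is discarded. RST with SYN and FIN with SYN in LISTEN are separate decisions, so I would split this into two tests, `if(th->rst) goto discard;` and a separate FIN test, each with a one-line comment giving its reason, so that one can later be changed or dropped without touching the other.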


* Re: [SECURITY] CERT/CC VU#464113, SYN plus RST/FIN
From: Alex Riesen @ 2002-10-25 10:13 UTC (permalink / raw)
  To: Florian Weimer; +Cc: linux-kernel, davem

On Fri, Oct 25, 2002 at 11:00:43AM +0200, Florian Weimer wrote:
> This patch prevents SYN+RST and SYN+FIN segments which arrive in the
> LISTEN state from initiating a three-way handshake.
> 
> I'm not sure if it is correct, but it's better than nothing (so far, I
> haven't seen any patch for this issue).
> 
> --- tcp_input.c	2002/10/25 08:45:20	1.1
> +++ tcp_input.c	2002/10/25 08:49:21
> @@ -3668,6 +3668,8 @@
>  	case TCP_LISTEN:
>  		if(th->ack)
>  			return 1;
> +		if(th->rst || th->fin)
> +			goto discard;
>  
>  		if(th->syn) {
>  			if(tp->af_specific->conn_request(sk, skb) < 0)
> 
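
Review bot: because the added `if(th->rst || th->fin)` sits ahead of `if(th->syn)`, it matches every segment with RST or FIN that reaches `case TCP_LISTEN` without ACK, not only the SYN+RST and SYN+FIN segments the description names. What happens to a bare RST or FIN after the `if(th->syn)` block lies outside this hunk, so either confirm that discarding them matches the existing path, or keep the early position and narrow the test to `th->syn && (th->rst || th->fin)`.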

You mean to place the check below "if(th->syn)", don't you?

-alex

* Re: [SECURITY] CERT/CC VU#464113, SYN plus RST/FIN
From: Florian Weimer @ 2002-10-25 10:16 UTC (permalink / raw)
  To: linux-kernel; +Cc: davem

Alex Riesen <Alexander.Riesen@synopsys.com> writes:

>> --- tcp_input.c	2002/10/25 08:45:20	1.1
>> +++ tcp_input.c	2002/10/25 08:49:21
>> @@ -3668,6 +3668,8 @@
>>  	case TCP_LISTEN:
>>  		if(th->ack)
>>  			return 1;
>> +		if(th->rst || th->fin)
>> +			goto discard;
>>  
>>  		if(th->syn) {
>>  			if(tp->af_specific->conn_request(sk, skb) < 0)
>> 
>
> You mean to place the check below "if(th->syn)", don't you?

No, of course not. :-) That's the whole point of the patch.
A SYN is not a SYN if it comes together with a RST.

* Re: [SECURITY] CERT/CC VU#464113, SYN plus RST/FIN
From: Alan Cox @ 2002-10-25 10:25 UTC (permalink / raw)
  To: Florian Weimer; +Cc: Linux Kernel Mailing List

On Fri, 2002-10-25 at 10:00, Florian Weimer wrote:
> This patch prevents SYN+RST and SYN+FIN segments which arrive in the
> LISTEN state from initiating a three-way handshake.
> 
> I'm not sure if it is correct, but it's better than nothing (so far, I
> haven't seen any patch for this issue).

I would disagree with the th->fin check. We don't want to break stuff
that is doing T/TCP initially. (Yes the advice people gave is badly
wrong - SYN|ACK|FIN is legal for example and some stacks generate it)

The th->rst is clearly correct, however.


* Re: [SECURITY] CERT/CC VU#464113, SYN plus RST/FIN
From: Alex Riesen @ 2002-10-25 10:33 UTC (permalink / raw)
  To: Florian Weimer; +Cc: linux-kernel

On Fri, Oct 25, 2002 at 12:16:37PM +0200, Florian Weimer wrote:
> >> +		if(th->rst || th->fin)
> >> +			goto discard;
> >>  
> >>  		if(th->syn) {
> >>  			if(tp->af_specific->conn_request(sk, skb) < 0)
> >
> > You mean to place the check below "if(th->syn)", don't you?
> 
> No, of course not. :-) That's the whole point of the patch.
> A SYN is not a SYN if it comes together with a RST.

Oh, I see :)

