git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit
tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
author Wei Wang <weiwan@google.com>
Mon, 11 Sep 2017 06:23:00 +0000 (08:23 +0200)
committer Stefan Bader <stefan.bader@canonical.com>
Fri, 15 Sep 2017 13:30:10 +0000 (15:30 +0200)
commit 655c2dadb43db14175b4e4447dbeca7c1d4f6522
tree 010de135ffee89af263247428f54cfa1c29fb23f
parent d523d85ea2c94c904912dee90a71f22f479e5a62
tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

CVE-2017-14106

When tcp_disconnect() is called, inet_csk_delack_init() sets
icsk->icsk_ack.rcv_mss to 0.
This could potentially cause tcp_recvmsg() => tcp_cleanup_rbuf() =>
__tcp_select_window() call path to have division by 0 issue.
So this patch initializes rcv_mss to TCP_MIN_MSS instead of 0.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Wei Wang <weiwan@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 499350a5a6e7512d9ed369ed63a4244b6536f4f8)
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Colin King <colin.king@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
net/ipv4/tcp.c
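
The state reset described in the commit message, as an added user-space model (not the kernel's code and not part of this commit). The struct, the function names, the simplified rounding step and the sample values 1460 and 65535 are assumptions made for illustration; where the kernel would divide by zero, the model returns -1 instead.

```c
#include <stdio.h>
#include <string.h>

#define TCP_MIN_MSS 88U /* value of the kernel constant in include/net/tcp.h */

/* Hypothetical stand-in for the delayed-ACK state kept per connection. */
struct ack_state {
    unsigned int pending;
    unsigned int rcv_mss; /* receiver's estimate of the peer's MSS */
};

/* Model of the reset the commit message attributes to inet_csk_delack_init(). */
static void delack_init(struct ack_state *ack) { memset(ack, 0, sizeof(*ack)); }

/* Disconnect before the patch: rcv_mss is left at 0. */
void disconnect_unpatched(struct ack_state *ack) { delack_init(ack); }

/* Disconnect after the patch: rcv_mss gets a non-zero floor. */
void disconnect_patched(struct ack_state *ack)
{
    delack_init(ack);
    ack->rcv_mss = TCP_MIN_MSS;
}

/*
 * Assumed simplification of the window computation: free_space is rounded
 * down to a multiple of rcv_mss. Returns 0 and stores the window, or -1
 * where a zero rcv_mss would make the division trap.
 */
int select_window(const struct ack_state *ack, unsigned int free_space,
                  unsigned int *window)
{
    if (ack->rcv_mss == 0)
        return -1;
    *window = (free_space / ack->rcv_mss) * ack->rcv_mss;
    return 0;
}

int main(void)
{
    struct ack_state ack = { .pending = 1, .rcv_mss = 1460 }; /* constructed */
    unsigned int win = 0;

    disconnect_unpatched(&ack);
    printf("unpatched: rcv_mss=%u rc=%d\n", ack.rcv_mss, select_window(&ack, 65535, &win));
    disconnect_patched(&ack);
    int rc = select_window(&ack, 65535, &win);
    printf("patched:   rcv_mss=%u rc=%d window=%u\n", ack.rcv_mss, rc, win);
    return 0;
}
```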