Source-Changes archive


CVS commit: [netbsd-8] src/sys/netinet



Module Name:    src
Committed By:   martin
Date:           Fri Mar 30 11:17:19 UTC 2018

Modified Files:
        src/sys/netinet [netbsd-8]: tcp_input.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #662):

        sys/netinet/tcp_input.c: revision 1.383 (via patch)

Revert rev1.183 (2003).

It was intended as an optimization, but it increases the attack surface:
the IPsec policy is not enforced on RST packets when the socket is in the
LISTEN state, and an (unauthenticated) attacker could jam the connection
between two IPsec hosts by sending RST packets between the client's SYN
and ACK packets.

Discussed with ozaki-r@.


To generate a diff of this commit:
cvs rdiff -u -r1.357.4.2 -r1.357.4.3 src/sys/netinet/tcp_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



