wok-next view linux/stuff/linux-CVE-2016-5696.u @ rev 19377
linux: CVE-2016-5696 (again)
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Sat Aug 13 10:23:10 2016 +0200 (2016-08-13) |
parents | ccc74276c193 |
children |
line source
1 based on http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758
2 --- linux-3.2.71/net/ipv4/tcp_input.c
3 +++ linux-3.2.71/net/ipv4/tcp_input.c
4 @@ -87,7 +87,7 @@
5 EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
7 /* rfc5961 challenge ack rate limiting */
8 -int sysctl_tcp_challenge_ack_limit = 100;
9 +int sysctl_tcp_challenge_ack_limit = 1000;
11 int sysctl_tcp_stdurg __read_mostly;
12 int sysctl_tcp_rfc1337 __read_mostly;
13 @@ -3715,13 +3715,20 @@
14 /* unprotected vars, we dont care of overwrites */
15 static u32 challenge_timestamp;
16 static unsigned int challenge_count;
17 - u32 now = jiffies / HZ;
18 + u32 count, now = jiffies / HZ;
19 +#define READ_ONCE(a) a
20 +#define WRITE_ONCE(a,b) (a = b)
21 +#define prandom_u32_max(a) (net_random() % (a))
23 if (now != challenge_timestamp) {
24 + u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;
25 challenge_timestamp = now;
26 - challenge_count = 0;
27 + WRITE_ONCE(challenge_count, half +
28 + prandom_u32_max(sysctl_tcp_challenge_ack_limit));
29 }
30 - if (++challenge_count <= sysctl_tcp_challenge_ack_limit) {
31 + count = READ_ONCE(challenge_count);
32 + if (count > 0) {
33 + WRITE_ONCE(challenge_count, count - 1);
34 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);
35 tcp_send_ack(sk);
36 }