wok view linux/stuff/linux-CVE-2016-5696.u @ rev 19376
linux: CVE-2016-5696
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Sat Aug 13 09:04:52 2016 +0200 (2016-08-13) |
| parents | |
| children | 707e4ea3a113 |
line source
1 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758
2 --- linux-3.2.71/net/ipv4/tcp_input.c
3 +++ linux-3.2.71/net/ipv4/tcp_input.c
4 @@ -87,7 +87,7 @@
5 EXPORT_SYMBOL(sysctl_tcp_adv_win_scale);
7 /* rfc5961 challenge ack rate limiting */
8 -int sysctl_tcp_challenge_ack_limit = 100;
9 +int sysctl_tcp_challenge_ack_limit = 1000;
11 int sysctl_tcp_stdurg __read_mostly;
12 int sysctl_tcp_rfc1337 __read_mostly;
13 @@ -3715,13 +3715,17 @@
14 /* unprotected vars, we dont care of overwrites */
15 static u32 challenge_timestamp;
16 static unsigned int challenge_count;
17 - u32 now = jiffies / HZ;
18 + u32 count, now = jiffies / HZ;
20 if (now != challenge_timestamp) {
21 + u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;
22 challenge_timestamp = now;
23 - challenge_count = 0;
24 + WRITE_ONCE(challenge_count, half +
25 + prandom_u32_max(sysctl_tcp_challenge_ack_limit));
26 }
27 - if (++challenge_count <= sysctl_tcp_challenge_ack_limit) {
28 + count = READ_ONCE(challenge_count);
29 + if (count > 0) {
30 + WRITE_ONCE(challenge_count, count - 1);
31 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);
32 tcp_send_ack(sk);
33 }