Add FreeBSD patch (check for SYN packets arriving at a socket in

LISTEN state with source address/port == destination address/port).
2025-01-10 06:47:55 -08:00 · 1998-03-18 02:37:47 +00:00 · 1998-03-18 02:37:47 +00:00 · e96da05183
commit e96da05183
parent 5ce38a0136
2 changed files with 28 additions and 8 deletions
--- a/sys/netinet/tcp_input.c
+++ b/sys/netinet/tcp_input.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_input.c,v 1.17 1997/11/12 20:59:44 deraadt Exp $	*/
+/*	$OpenBSD: tcp_input.c,v 1.18 1998/03/18 02:37:47 angelos Exp $	*/
 /*	$NetBSD: tcp_input.c,v 1.23 1996/02/13 23:43:44 christos Exp $	*/

 /*
@ -740,6 +740,7 @@ findpcb:
 	 * If the state is LISTEN then ignore segment if it contains an RST.
 	 * If the segment contains an ACK then it is bad and send a RST.
 	 * If it does not contain a SYN then it is not interesting; drop it.
+	 * If it is from this socket, drop it, it must be forged.
 	 * Don't bother responding if the destination was a broadcast.
 	 * Otherwise initialize tp->rcv_nxt, and tp->irs, select an initial
 	 * tp->iss, and send a segment:
@ -759,6 +760,9 @@ findpcb:
 			goto dropwithreset;
 		if ((tiflags & TH_SYN) == 0)
 			goto drop;
+		if ((ti->ti_dport == ti->ti_sport) &&
+		    (ti->ti_dst.s_addr == ti->ti_src.s_addr))
+		 	goto drop;

 #ifdef TCPCOOKIE
 		/*
@ -835,6 +839,24 @@ findpcb:
 		goto trimthenstep6;
 		}

+	/*
+	 * If the state is SYN_RECEIVED:
+	 * 	if seg contains SYN/ACK, send an RST.
+	 *	if seg contains an ACK, but not for our SYN/ACK, send an RST
+  	 */
+
+	case TCPS_SYN_RECEIVED:
+		if (tiflags & TH_ACK) {
+			if (tiflags & TH_SYN) {
+				tcpstat.tcps_badsyn++;
+				goto dropwithreset;
+			}
+			if (SEQ_LEQ(ti->ti_ack, tp->snd_una) ||
+			    SEQ_GT(ti->ti_ack, tp->snd_max))
+				goto dropwithreset;
+		}
+		break;
+
 	/*
 	 * If the state is SYN_SENT:
 	 *	if seg contains an ACK, but not for our SYN, drop the input.
@ -1108,14 +1130,11 @@ trimthenstep6:
 	switch (tp->t_state) {

 	/*
-	 * In SYN_RECEIVED state if the ack ACKs our SYN then enter
-	 * ESTABLISHED state and continue processing, otherwise
-	 * send an RST.
+	 * In SYN_RECEIVED state, the ack ACKs our SYN, so enter
+	 * ESTABLISHED state and continue processing.
+	 * The ACK was checked above.
 	 */
 	case TCPS_SYN_RECEIVED:
-		if (SEQ_GT(tp->snd_una, ti->ti_ack) ||
-		    SEQ_GT(ti->ti_ack, tp->snd_max))
-			goto dropwithreset;
 		tcpstat.tcps_connects++;
 		soisconnected(so);
 		tp->t_state = TCPS_ESTABLISHED;
--- a/sys/netinet/tcp_var.h
+++ b/sys/netinet/tcp_var.h
@ -1,4 +1,4 @@
-/*	$OpenBSD: tcp_var.h,v 1.9 1998/01/24 18:21:39 mickey Exp $	*/
+/*	$OpenBSD: tcp_var.h,v 1.10 1998/03/18 02:37:49 angelos Exp $	*/
 /*	$NetBSD: tcp_var.h,v 1.17 1996/02/13 23:44:24 christos Exp $	*/

 /*
@ -225,6 +225,7 @@ struct	tcpstat {

 	u_long	tcps_pcbhashmiss;	/* input packets missing pcb hash */
 	u_long	tcps_noport;		/* no socket on port */
+	u_long	tcps_badsyn;		/* SYN packet with src==dst rcv'ed */
 };

 /*