Bugtraq mailing list archives
Re: FreeBSD's RST validation
From: fetch () MUFFIN ARCADIA SPB RU (Andrey Alekseyev)
Date: Mon, 31 Aug 1998 19:57:37 +0400
Hello,
On Sun, 30 Aug 1998, Tristan Horn wrote:In my limited testing (oddly enough, not many people would consent to DoS), Solaris, OSF/1, Linux and Windows 98 appear to conform to RFC 793 in this regard. I have not yet been able to check NetBSD, OpenBSD, BSDI, etc.
I've made a small patch for my tcp_input.c against this and though it could be useful for someone else if it's quite correct (is it in this form RFC793 compliant and doesn't it break something?). System is FreeBSD 2.2.6-RELEASE and the patch is for original tcp_input.c (without ttcp patch applied, ref.FreeBSD-SA-98:03.ttcp) P.S. Thanks Aleph1 that original post didn't get thru (my stupid habit to make things in a hurry always does harm) --- tcp_input.c Mon Aug 31 19:20:45 1998 +++ tcp_input.c.orig Mon Aug 31 14:59:23 1998 @@ -807,9 +807,7 @@ goto dropwithreset; } if (tiflags & TH_RST) { - if ((tiflags & TH_ACK) && - SEQ_GT(ti->ti_ack, tp->snd_una) && - SEQ_LEQ(ti->ti_ack, tp->snd_max)) + if (tiflags & TH_ACK) tp = tcp_drop(tp, ECONNREFUSED); goto drop; } @@ -1137,11 +1135,7 @@ * CLOSING, LAST_ACK, TIME_WAIT STATES * Close the tcb. */ - if (tiflags&TH_RST) { - if ((tp->rcv_nxt > ti->ti_seq) || - (tp->rcv_nxt + tp->rcv_wnd) <= ti->ti_seq) - goto drop; - switch (tp->t_state) { + if (tiflags&TH_RST) switch (tp->t_state) { case TCPS_SYN_RECEIVED: so->so_error = ECONNREFUSED; @@ -1163,7 +1157,6 @@ case TCPS_TIME_WAIT: tp = tcp_close(tp); goto drop; - } } /* -- .fetch
Current thread:
- Re: Buffer overflows in Minicom 1.80.1, (continued)
- Re: Buffer overflows in Minicom 1.80.1 Alan Brown (Aug 29)
- Re: Buffer overflows in Minicom 1.80.1 M.C.Mar (Aug 31)
- Re: Buffer overflows in Minicom 1.80.1 Wichert Akkerman (Aug 31)
- buffer overflow in nslookup? Peter van Dijk (Aug 29)
- Re: buffer overflow in nslookup? Brandon Reynolds (Aug 29)
- Re: buffer overflow in nslookup? Peter van Dijk (Aug 30)
- FreeBSD's RST validation Tristan Horn (Aug 30)
- Re: FreeBSD's RST validation James Snow (Aug 30)
- Re: FreeBSD's RST validation Tristan Horn (Aug 30)
- port scanning. (fwd) Darren Reed (Aug 31)
- Re: FreeBSD's RST validation Andrey Alekseyev (Aug 31)
- Re: FreeBSD's RST validation Diane Bruce (Aug 30)
- Re: FreeBSD's RST validation Oliver Friedrichs (Aug 31)
- SEYON vulnerability in TurboLinux 2.0 Scott Stone (Aug 30)
- Re: buffer overflow in nslookup? www.devoid.net (Aug 30)
- Re: buffer overflow in nslookup? Benjamin J Stassart (Aug 30)
- Re: buffer overflow in nslookup? Theo de Raadt (Aug 31)
- Re: buffer overflow in nslookup? Uwe Ohse (Aug 31)
- Hole in Oracle Server/Developer 2000 - authentication protocol. Yaron Yanay (Aug 31)
- Re: buffer overflow in nslookup? Willy TARREAU (Aug 31)