Author: tuexen
Date: Fri Jun  1 19:58:19 2018
New Revision: 334494
URL: https://svnweb.freebsd.org/changeset/base/334494

Log:
  Ensure net.inet.tcp.syncache.rexmtlimit is limited by TCP_MAXRXTSHIFT.
  
  If the sysctl variable is set to a value larger than TCP_MAXRXTSHIFT+1,
  the array tcp_syn_backoff[] is accessed out of bounds.
  
  Discussed with: jtl@
  MFC after:    3 days
  Sponsored by: Netflix, Inc.

Modified:
  head/sys/netinet/tcp_syncache.c

Modified: head/sys/netinet/tcp_syncache.c
==============================================================================
--- head/sys/netinet/tcp_syncache.c     Fri Jun  1 19:56:41 2018        
(r334493)
+++ head/sys/netinet/tcp_syncache.c     Fri Jun  1 19:58:19 2018        
(r334494)
@@ -183,8 +183,27 @@ SYSCTL_UINT(_net_inet_tcp_syncache, OID_AUTO, hashsize
     &VNET_NAME(tcp_syncache.hashsize), 0,
     "Size of TCP syncache hashtable");
 
-SYSCTL_UINT(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit, CTLFLAG_VNET | 
CTLFLAG_RW,
+static int
+sysctl_net_inet_tcp_syncache_rexmtlimit_check(SYSCTL_HANDLER_ARGS)
+{
+       int error;
+       u_int new;
+
+       new = V_tcp_syncache.rexmt_limit;
+       error = sysctl_handle_int(oidp, &new, 0, req);
+       if ((error == 0) && (req->newptr != NULL)) {
+               if (new > TCP_MAXRXTSHIFT)
+                       error = EINVAL;
+               else
+                       V_tcp_syncache.rexmt_limit = new;
+       }
+       return (error);
+}
+
+SYSCTL_PROC(_net_inet_tcp_syncache, OID_AUTO, rexmtlimit,
+    CTLFLAG_VNET | CTLTYPE_UINT | CTLFLAG_RW,
     &VNET_NAME(tcp_syncache.rexmt_limit), 0,
+    sysctl_net_inet_tcp_syncache_rexmtlimit_check, "UI",
     "Limit on SYN/ACK retransmissions");
 
 VNET_DEFINE(int, tcp_sc_rst_sock_fail) = 1;
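Review bot: The bound in `if (new > TCP_MAXRXTSHIFT)` is not explained at the handler, and it does not match the log message: the log speaks of values larger than TCP_MAXRXTSHIFT+1, while the check rejects everything above TCP_MAXRXTSHIFT. A reader cannot tell from this hunk which limit tcp_syn_backoff[] actually requires, since the array is declared outside it. A comment above sysctl_net_inet_tcp_syncache_rexmtlimit_check would settle it, for example `/* rexmt_limit bounds the index into tcp_syn_backoff[]; values above TCP_MAXRXTSHIFT would read past its end. */`, with the wording checked against the array's real size. The handler only guards writes made through this OID, and the initialisation of rexmt_limit is not visible here. If the field can be assigned anywhere else, a clamp or KASSERT where tcp_syn_backoff[] is indexed would keep the out-of-bounds read from coming back.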