From: Florin Coras <fcoras@cisco.com>
Date: Wed, 12 Dec 2018 22:34:38 +0000 (-0800)
Subject: tcp: validate seq for handshake ack
X-Git-Tag: v19.04-rc0~180
X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;h=4850e3e73c61830516ac9ccb22976be685bea3b5;hp=42ceddb7cd836a89a12b0b8e623b06bc4c0cc0cb;p=vpp.git

tcp: validate seq for handshake ack

Change-Id: Ifc0584d781efc30904069ea17c0afbb68c49c442
Signed-off-by: Florin Coras <fcoras@cisco.com>
---

diff --git a/src/vcl/vcl_bapi.c b/src/vcl/vcl_bapi.c
index 457fc18b1c2..b513bd7a6b3 100644
--- a/src/vcl/vcl_bapi.c
+++ b/src/vcl/vcl_bapi.c
@@ -98,6 +98,7 @@ vcl_segment_detach (u64 segment_handle)
   segment = svm_fifo_segment_get_segment (sm, segment_index);
   svm_fifo_segment_delete (sm, segment);
   vcl_segment_table_del (segment_handle);
+  VDBG (0, "detached segment %u handle %u", segment_index, segment_handle);
 }
 
 static u64
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index f04fa5d8901..395943739e8 100644
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -2724,6 +2724,14 @@ tcp46_rcv_process_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 	      goto drop;
 	    }
 
+	  /* Make sure the ack is exactly right */
+	  if (tc0->rcv_nxt != vnet_buffer (b0)->tcp.seq_number)
+	    {
+	      error0 = TCP_ERROR_SEGMENT_INVALID;
+	      tcp_send_reset_w_pkt (tc0, b0, is_ip4);
+	      goto drop;
+	    }
+
 	  /* Update rtt and rto */
 	  tcp_estimate_initial_rtt (tc0);