tcp: validate fin seq in closing states

author Florin Coras <fcoras@cisco.com>

Fri, 6 Nov 2020 22:21:26 +0000 (14:21 -0800)

committer Dave Barach <openvpp@barachs.net>

Wed, 11 Nov 2020 16:47:50 +0000 (16:47 +0000)
author Florin Coras <fcoras@cisco.com>
Fri, 6 Nov 2020 22:21:26 +0000 (14:21 -0800)
committer Dave Barach <openvpp@barachs.net>
Wed, 11 Nov 2020 16:47:50 +0000 (16:47 +0000)
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c

index 182062f..912b193 100644 (file)
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -2386,6 +2386,9 @@ tcp46_rcv_process_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
         case TCP_STATE_FIN_WAIT_2:
           if (vnet_buffer (b0)->tcp.data_len)
             error0 = tcp_segment_rcv (wrk, tc0, b0);
+         /* Don't accept out of order fins lower */
+         if (vnet_buffer (b0)->tcp.seq_end != tc0->rcv_nxt)
+           goto drop;
           break;
         case TCP_STATE_CLOSE_WAIT:
         case TCP_STATE_CLOSING:
author	Florin Coras <fcoras@cisco.com>
	Fri, 6 Nov 2020 22:21:26 +0000 (14:21 -0800)
committer	Dave Barach <openvpp@barachs.net>
	Wed, 11 Nov 2020 16:47:50 +0000 (16:47 +0000)