summaryrefslogtreecommitdiffstats
path: root/src/vnet/tcp
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2020-11-06 14:21:26 -0800
committerDave Barach <openvpp@barachs.net>2020-11-11 16:47:50 +0000
commitc67724a224c8118d402fbe0d1c1cca6e7b01f892 (patch)
tree221989a8ae79eee4e8066e549dd0eb64a9ba03b2 /src/vnet/tcp
parentca78b56a7b35fdec5c9a4633d8be3c4b15e4dd9a (diff)
tcp: validate fin seq in closing states
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id8673cff699cfdc1ac68797b9ab5cdf6f6b578a3
Diffstat (limited to 'src/vnet/tcp')
-rw-r--r--src/vnet/tcp/tcp_input.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index 182062f1b42..912b193bf94 100644
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -2386,6 +2386,9 @@ tcp46_rcv_process_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
case TCP_STATE_FIN_WAIT_2:
if (vnet_buffer (b0)->tcp.data_len)
error0 = tcp_segment_rcv (wrk, tc0, b0);
+ /* Don't accept out of order fins lower */
+ if (vnet_buffer (b0)->tcp.seq_end != tc0->rcv_nxt)
+ goto drop;
break;
case TCP_STATE_CLOSE_WAIT:
case TCP_STATE_CLOSING: