From c67724a224c8118d402fbe0d1c1cca6e7b01f892 Mon Sep 17 00:00:00 2001 From: Florin Coras Date: Fri, 6 Nov 2020 14:21:26 -0800 Subject: tcp: validate fin seq in closing states Type: fix Signed-off-by: Florin Coras Change-Id: Id8673cff699cfdc1ac68797b9ab5cdf6f6b578a3 --- src/vnet/tcp/tcp_input.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/vnet/tcp') diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c index 182062f1b42..912b193bf94 100644 --- a/src/vnet/tcp/tcp_input.c +++ b/src/vnet/tcp/tcp_input.c @@ -2386,6 +2386,9 @@ tcp46_rcv_process_inline (vlib_main_t * vm, vlib_node_runtime_t * node, case TCP_STATE_FIN_WAIT_2: if (vnet_buffer (b0)->tcp.data_len) error0 = tcp_segment_rcv (wrk, tc0, b0); + /* Don't accept out of order fins lower */ + if (vnet_buffer (b0)->tcp.seq_end != tc0->rcv_nxt) + goto drop; break; case TCP_STATE_CLOSE_WAIT: case TCP_STATE_CLOSING: -- cgit 1.2.3-korg