From owner-svn-src-releng@FreeBSD.ORG  Tue Sep 16 09:50:23 2014
Return-Path: <owner-svn-src-releng@FreeBSD.ORG>
Delivered-To: svn-src-releng@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 255F0499;
 Tue, 16 Sep 2014 09:50:23 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0B7ACF7F;
 Tue, 16 Sep 2014 09:50:23 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id s8G9oMIs063280;
 Tue, 16 Sep 2014 09:50:22 GMT (envelope-from delphij@FreeBSD.org)
Received: (from delphij@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id s8G9oJR7063260;
 Tue, 16 Sep 2014 09:50:19 GMT (envelope-from delphij@FreeBSD.org)
Message-Id: <201409160950.s8G9oJR7063260@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: delphij set sender to
 delphij@FreeBSD.org using -f
From: Xin LI <delphij@FreeBSD.org>
Date: Tue, 16 Sep 2014 09:50:19 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-releng@freebsd.org
Subject: svn commit: r271669 - in releng: 10.0 10.0/sys/conf 10.0/sys/netinet
 8.4 8.4/sys/conf 8.4/sys/netinet 9.1 9.1/sys/conf 9.1/sys/netinet 9.2
 9.2/sys/conf 9.2/sys/netinet 9.3 9.3/sys/conf 9.3/sys/netinet
X-SVN-Group: releng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-releng@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the release engineering / security commits to
 the src tree <svn-src-releng.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-releng/>
List-Post: <mailto:svn-src-releng@freebsd.org>
List-Help: <mailto:svn-src-releng-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-releng>,
 <mailto:svn-src-releng-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Sep 2014 09:50:23 -0000

Author: delphij
Date: Tue Sep 16 09:50:19 2014
New Revision: 271669
URL: http://svnweb.freebsd.org/changeset/base/271669

Log:
  Fix Denial of Service in TCP packet processing.
  
  Security:	FreeBSD-SA-14:19.tcp
  Approved by:	so

Modified:
  releng/10.0/UPDATING
  releng/10.0/sys/conf/newvers.sh
  releng/10.0/sys/netinet/tcp_input.c
  releng/8.4/UPDATING
  releng/8.4/sys/conf/newvers.sh
  releng/8.4/sys/netinet/tcp_input.c
  releng/9.1/UPDATING
  releng/9.1/sys/conf/newvers.sh
  releng/9.1/sys/netinet/tcp_input.c
  releng/9.2/UPDATING
  releng/9.2/sys/conf/newvers.sh
  releng/9.2/sys/netinet/tcp_input.c
  releng/9.3/UPDATING
  releng/9.3/sys/conf/newvers.sh
  releng/9.3/sys/netinet/tcp_input.c

Modified: releng/10.0/UPDATING
==============================================================================
--- releng/10.0/UPDATING	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/10.0/UPDATING	Tue Sep 16 09:50:19 2014	(r271669)
@@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH
 stable/10, and then rebuild without this option. The bootstrap process from
 older version of current is a bit fragile.
 
+20140916:	p9	FreeBSD-SA-14:19.tcp
+	Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:	p8	FreeBSD-SA-14:18.openssl
 	Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/10.0/sys/conf/newvers.sh
==============================================================================
--- releng/10.0/sys/conf/newvers.sh	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/10.0/sys/conf/newvers.sh	Tue Sep 16 09:50:19 2014	(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="10.0"
-BRANCH="RELEASE-p8"
+BRANCH="RELEASE-p9"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/10.0/sys/netinet/tcp_input.c
==============================================================================
--- releng/10.0/sys/netinet/tcp_input.c	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/10.0/sys/netinet/tcp_input.c	Tue Sep 16 09:50:19 2014	(r271669)
@@ -2202,11 +2202,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
 	todrop = tp->rcv_nxt - th->th_seq;
 	if (todrop > 0) {
-		/*
-		 * If this is a duplicate SYN for our current connection,
-		 * advance over it and pretend and it's not a SYN.
-		 */
-		if (thflags & TH_SYN && th->th_seq == tp->irs) {
+		if (thflags & TH_SYN) {
 			thflags &= ~TH_SYN;
 			th->th_seq++;
 			if (th->th_urp > 1)

Modified: releng/8.4/UPDATING
==============================================================================
--- releng/8.4/UPDATING	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/8.4/UPDATING	Tue Sep 16 09:50:19 2014	(r271669)
@@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
 	debugging tools present in HEAD were left in place because
 	sun4v support still needs work to become production ready.
 
+20140916:	p16	FreeBSD-SA-14:19.tcp
+	Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:	p15	FreeBSD-SA-14:18.openssl
 	Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/8.4/sys/conf/newvers.sh
==============================================================================
--- releng/8.4/sys/conf/newvers.sh	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/8.4/sys/conf/newvers.sh	Tue Sep 16 09:50:19 2014	(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="8.4"
-BRANCH="RELEASE-p15"
+BRANCH="RELEASE-p16"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/8.4/sys/netinet/tcp_input.c
==============================================================================
--- releng/8.4/sys/netinet/tcp_input.c	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/8.4/sys/netinet/tcp_input.c	Tue Sep 16 09:50:19 2014	(r271669)
@@ -2092,11 +2092,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
 	todrop = tp->rcv_nxt - th->th_seq;
 	if (todrop > 0) {
-		/*
-		 * If this is a duplicate SYN for our current connection,
-		 * advance over it and pretend and it's not a SYN.
-		 */
-		if (thflags & TH_SYN && th->th_seq == tp->irs) {
+		if (thflags & TH_SYN) {
 			thflags &= ~TH_SYN;
 			th->th_seq++;
 			if (th->th_urp > 1)

Modified: releng/9.1/UPDATING
==============================================================================
--- releng/9.1/UPDATING	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/9.1/UPDATING	Tue Sep 16 09:50:19 2014	(r271669)
@@ -9,6 +9,9 @@ handbook.
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20140916:	p19	FreeBSD-SA-14:19.tcp
+	Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:	p18	FreeBSD-SA-14:18.openssl
 	Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/9.1/sys/conf/newvers.sh
==============================================================================
--- releng/9.1/sys/conf/newvers.sh	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/9.1/sys/conf/newvers.sh	Tue Sep 16 09:50:19 2014	(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.1"
-BRANCH="RELEASE-p18"
+BRANCH="RELEASE-p19"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/9.1/sys/netinet/tcp_input.c
==============================================================================
--- releng/9.1/sys/netinet/tcp_input.c	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/9.1/sys/netinet/tcp_input.c	Tue Sep 16 09:50:19 2014	(r271669)
@@ -2161,11 +2161,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
 	todrop = tp->rcv_nxt - th->th_seq;
 	if (todrop > 0) {
-		/*
-		 * If this is a duplicate SYN for our current connection,
-		 * advance over it and pretend and it's not a SYN.
-		 */
-		if (thflags & TH_SYN && th->th_seq == tp->irs) {
+		if (thflags & TH_SYN) {
 			thflags &= ~TH_SYN;
 			th->th_seq++;
 			if (th->th_urp > 1)

Modified: releng/9.2/UPDATING
==============================================================================
--- releng/9.2/UPDATING	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/9.2/UPDATING	Tue Sep 16 09:50:19 2014	(r271669)
@@ -11,6 +11,9 @@ handbook:
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20140916:	p12	FreeBSD-SA-14:19.tcp
+	Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:	p11	FreeBSD-SA-14:18.openssl
 	Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/9.2/sys/conf/newvers.sh
==============================================================================
--- releng/9.2/sys/conf/newvers.sh	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/9.2/sys/conf/newvers.sh	Tue Sep 16 09:50:19 2014	(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.2"
-BRANCH="RELEASE-p11"
+BRANCH="RELEASE-p12"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/9.2/sys/netinet/tcp_input.c
==============================================================================
--- releng/9.2/sys/netinet/tcp_input.c	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/9.2/sys/netinet/tcp_input.c	Tue Sep 16 09:50:19 2014	(r271669)
@@ -2181,11 +2181,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
 	todrop = tp->rcv_nxt - th->th_seq;
 	if (todrop > 0) {
-		/*
-		 * If this is a duplicate SYN for our current connection,
-		 * advance over it and pretend and it's not a SYN.
-		 */
-		if (thflags & TH_SYN && th->th_seq == tp->irs) {
+		if (thflags & TH_SYN) {
 			thflags &= ~TH_SYN;
 			th->th_seq++;
 			if (th->th_urp > 1)

Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/9.3/UPDATING	Tue Sep 16 09:50:19 2014	(r271669)
@@ -11,6 +11,9 @@ handbook:
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20140916:	p2	FreeBSD-SA-14:19.tcp
+	Fix Denial of Service in TCP packet processing. [SA-14:19]
+
 20140909:	p1	FreeBSD-SA-14:18.openssl
 	Fix OpenSSL multiple vulnerabilities. [SA-14:18]
 

Modified: releng/9.3/sys/conf/newvers.sh
==============================================================================
--- releng/9.3/sys/conf/newvers.sh	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/9.3/sys/conf/newvers.sh	Tue Sep 16 09:50:19 2014	(r271669)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.3"
-BRANCH="RELEASE-p1"
+BRANCH="RELEASE-p2"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
 	BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/9.3/sys/netinet/tcp_input.c
==============================================================================
--- releng/9.3/sys/netinet/tcp_input.c	Tue Sep 16 09:49:11 2014	(r271668)
+++ releng/9.3/sys/netinet/tcp_input.c	Tue Sep 16 09:50:19 2014	(r271669)
@@ -2181,11 +2181,7 @@ tcp_do_segment(struct mbuf *m, struct tc
 
 	todrop = tp->rcv_nxt - th->th_seq;
 	if (todrop > 0) {
-		/*
-		 * If this is a duplicate SYN for our current connection,
-		 * advance over it and pretend and it's not a SYN.
-		 */
-		if (thflags & TH_SYN && th->th_seq == tp->irs) {
+		if (thflags & TH_SYN) {
 			thflags &= ~TH_SYN;
 			th->th_seq++;
 			if (th->th_urp > 1)