From: Michael Tuexen
Date: Fri, 20 Nov 2020 13:00:29 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r367891 - head/sys/netinet

Author: tuexen
Date: Fri Nov 20 13:00:28 2020
New Revision: 367891
URL: https://svnweb.freebsd.org/changeset/base/367891

Log:
  Fix an issue I introduced in r367530: tcp_twcheck() can be called
  with to == NULL for SYN segments. So don't assume tp != NULL.
  Thanks to jhb@ for reporting and suggesting a fix.

  PR: 250499
  MFC after: 1 week
  XMFC-with: r367530
  Sponsored by: Netflix, Inc.

Modified:
  head/sys/netinet/tcp_timewait.c

Modified: head/sys/netinet/tcp_timewait.c ============================================================================== --- head/sys/netinet/tcp_timewait.c Fri Nov 20 12:31:02 2020 (r367890) +++ head/sys/netinet/tcp_timewait.c Fri Nov 20 13:00:28 2020 (r367891) @@ -374,6 +374,7 @@ tcp_twstart(struct tcpcb *tp) /* * Returns 1 if the TIME_WAIT state was killed and we should start over, * looking for a pcb in the listen state. Returns 0 otherwise. + * It be called with to == NULL only for pure SYN-segments. */ int tcp_twcheck(struct inpcb *inp, struct tcpopt *to, struct tcphdr *th, @@ -397,6 +398,8 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, stru goto drop; thflags = th->th_flags; + KASSERT(to != NULL || (thflags & (TH_SYN | TH_ACK)) == TH_SYN, + ("tcp_twcheck: called without options on a non-SYN segment")); /* * NOTE: for FIN_WAIT_2 (to be added later), 
@@ -411,16 +414,6 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, stru if (thflags & TH_RST) goto drop; - /* - * If timestamps were negotiated during SYN/ACK and a - * segment without a timestamp is received, silently drop - * the segment. - * See section 3.2 of RFC 7323. - */ - if (((to->to_flags & TOF_TS) == 0) && (tw->t_recent != 0)) { - goto drop; - } - #if 0 /* PAWS not needed at the moment */ /* @@ -454,6 +447,16 @@ tcp_twcheck(struct inpcb *inp, struct tcpopt *to, stru */ if ((thflags & TH_ACK) == 0) goto drop; + + /* + * If timestamps were negotiated during SYN/ACK and a + * segment without a timestamp is received, silently drop + * the segment. + * See section 3.2 of RFC 7323. + */ + if (((to->to_flags & TOF_TS) == 0) && (tw->t_recent != 0)) { + goto drop; + } /* * Reset the 2MSL timer if this is a duplicate FIN.
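Review bot: In the hunk at @@ -374,6 +374,7 @@, the comment line added above tcp_twcheck(), "It be called with to == NULL only for pure SYN-segments.", is missing a verb. Suggest "It may be called with to == NULL only for pure SYN segments." so the calling contract reads unambiguously next to the KASSERT that checks it.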
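Review bot: In the hunk at @@ -397,6 +398,8 @@, the KASSERT message says "non-SYN segment", but the condition (thflags & (TH_SYN | TH_ACK)) == TH_SYN also fires for a SYN|ACK segment that arrives with to == NULL. Suggest wording the message as "called without options on a segment that is not a pure SYN" so the panic string matches the test.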
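Review bot: In the hunk at @@ -411,16 +414,6 @@, removing the RFC 7323 timestamp check from its place right after the TH_RST test changes behaviour beyond the NULL-pointer fix. Because the check now sits after the (thflags & TH_ACK) == 0 drop, a segment without TH_ACK, including a SYN that was parsed with options but carries no timestamp, is no longer subject to it while tw->t_recent != 0, and the commit log does not mention this. Suggest saying in the log or in the relocated comment that SYN segments are intentionally exempt.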
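Review bot: In the hunk at @@ -454,6 +447,16 @@, the relocated test still dereferences to->to_flags with no NULL check. It is safe only because the preceding "if ((thflags & TH_ACK) == 0) goto drop;" filters out the pure-SYN case and the new KASSERT invariant holds, and KASSERT is compiled in only on INVARIANTS kernels. Suggest a one-line comment here recording that to is non-NULL because TH_ACK is set, or an explicit to != NULL guard in the condition, so a later reordering of these checks does not bring back the NULL dereference reported in PR 250499.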