From owner-freebsd-security Tue Jun 3 03:40:33 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id DAA21297 for security-outgoing; Tue, 3 Jun 1997 03:40:33 -0700 (PDT) Received: from plum.cyber.com.au (plum.cyber.com.au [203.7.155.24]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id DAA21234 for ; Tue, 3 Jun 1997 03:39:58 -0700 (PDT) Received: (from darrenr@localhost) by plum.cyber.com.au (8.6.12/8.6.6) id UAA02820 for security@freebsd.org; Tue, 3 Jun 1997 20:39:11 +1000 From: Darren Reed Message-Id: <199706031039.UAA02820@plum.cyber.com.au> Subject: Re: TCP RST Handling in 2.2 (fwd) To: security@freebsd.org Date: Tue, 3 Jun 1997 20:39:11 +1000 (EST) In-Reply-To: <199706030324.XAA20211@homeport.org> from "Adam Shostack" at Jun 2, 97 11:24:15 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I've hacked on tcp_input() a bit and changed the handling of an RST. I'd like it if a few others also tested this patch, seems to work ok for me. Cheers, Darren *** /sys/netinet/tcp_input.c.orig Tue Jun 3 20:26:02 1997 --- /sys/netinet/tcp_input.c Tue Jun 3 20:27:35 1997 *************** *** 1118,1145 **** * CLOSING, LAST_ACK, TIME_WAIT STATES * Close the tcb. */ ! if (tiflags&TH_RST) switch (tp->t_state) { ! case TCPS_SYN_RECEIVED: ! so->so_error = ECONNREFUSED; ! goto close; ! case TCPS_ESTABLISHED: ! case TCPS_FIN_WAIT_1: ! case TCPS_FIN_WAIT_2: ! case TCPS_CLOSE_WAIT: ! so->so_error = ECONNRESET; ! close: ! tp->t_state = TCPS_CLOSED; ! tcpstat.tcps_drops++; ! tp = tcp_close(tp); ! goto drop; ! case TCPS_CLOSING: ! case TCPS_LAST_ACK: ! case TCPS_TIME_WAIT: ! tp = tcp_close(tp); ! goto drop; } /* --- 1118,1153 ---- * CLOSING, LAST_ACK, TIME_WAIT STATES * Close the tcb. */ ! if (tiflags&TH_RST) { ! if ((ti->ti_seq != tp->rcv_nxt) || ! (ti->ti_ack && ((SEQ_LEQ(ti->ti_ack, tp->iss) || ! SEQ_GT(ti->ti_ack, tp->snd_max))))) ! goto drop; ! switch (tp->t_state) { ! ! 
case TCPS_SYN_RECEIVED: ! so->so_error = ECONNREFUSED; ! goto close; ! case TCPS_ESTABLISHED: ! case TCPS_FIN_WAIT_1: ! case TCPS_FIN_WAIT_2: ! case TCPS_CLOSE_WAIT: ! so->so_error = ECONNRESET; ! close: ! tp->t_state = TCPS_CLOSED; ! tcpstat.tcps_drops++; ! tp = tcp_close(tp); ! goto drop; ! ! case TCPS_CLOSING: ! case TCPS_LAST_ACK: ! case TCPS_TIME_WAIT: ! tp = tcp_close(tp); ! goto drop; ! } } /*
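Review bot: In the guard added at the top of the `if (tiflags&TH_RST)` block, `ti->ti_ack && (...)` tests the value of the acknowledgment field rather than whether the segment carries an ACK. An RST whose ack number happens to be 0 skips the range check entirely, and an RST without the ACK flag has its unused ack field compared against `tp->iss` and `tp->snd_max`. Testing `(tiflags & TH_ACK)` instead would match how the RST flag itself is tested on the line above. Separately, `ti->ti_seq != tp->rcv_nxt` accepts only an exact sequence match, so a genuine RST that lands inside the receive window but not exactly at `rcv_nxt` (for example after earlier segments were lost) is now dropped silently and the connection stays open until something else tears it down. That trade-off, and the fact that the check also applies to the CLOSING, LAST_ACK and TIME_WAIT cases, deserves a sentence in the block comment, which still only says "Close the tcb." Counting the rejected RSTs in `tcpstat` would also make the new behaviour observable when testing.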