Date:      Tue, 19 May 1998 00:16:04 +0200
From:      "Juan L. Freniche" <jlfreniche@acm.org>
To:        FreeBSD NET <freebsd-net@FreeBSD.ORG>
Subject:   Questions on FreeBSD Security Advisory: FreeBSD-SA-98:03.ttcp REVISED
Message-ID:  <3560B324.EE6EA57B@acm.org>

This morning a FreeBSD security advisory was corrected in the FreeBSD
announce mailing list, regarding a hole in the T/TCP implementation.
It can be retrieved from

 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:03/

The following modification to /usr/src/sys/netinet/tcp_input.c
was recommended:

  @@ -680,7 +680,9 @@
                 * - otherwise do a normal 3-way handshake.
                 */
                if ((to.to_flag & TOF_CC) != 0) {
  -                 if (taop->tao_cc != 0 && CC_GT(to.to_cc, taop->tao_cc)) {
  +                 if (((tp->t_flags & TF_NOPUSH) != 0) &&
  +                     taop->tao_cc != 0 && CC_GT(to.to_cc, taop->tao_cc)) {
  +
                        taop->tao_cc = to.to_cc;
                        tp->t_state = TCPS_ESTABLISHED;
 
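Review bot: the added `(tp->t_flags & TF_NOPUSH) != 0` term in the TAO test carries no comment explaining why the shortcut to TCPS_ESTABLISHED should depend on TF_NOPUSH, and the hunk leaves the comment above the `if` untouched, so a reader of tcp_input.c cannot tell when this term is expected to be false. Please add a line to that comment stating the intent and where the flag is set or cleared for the listening socket. The empty `+` line after the condition is also stray whitespace at the top of the block and can be dropped.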

I don't understand completely the proposed solution:

Remember that the state is Listen and TF_NOPUSH was set (see the code below
the label findpcb in tcp_input.c). A segment is received; it passes if SYN is
present and the other filters are OK. When reaching the TAO test, the proposal
expands the test with ((tp->t_flags & TF_NOPUSH) != 0), which is always true!

Can anybody tell me what I am missing?

Second question: in tcp_input.c, when the clone socket is created, the clone
connection is moved to Listen and TF_NOPUSH is set. However, if you have a look
at the ttcp man page, it is recommended (SERVER SUPPORT, item list 1) that
TCP_NOPUSH be set for the master connection, but this flag is already set for
any clone! Even more, if you reset the flag for the master connection, it will
have no effect on its clones.

By the way, setting the flag for clone connections is not found in the Stevens
book, vol. 3.

-- 
--------------------------
E-Mail: jlfreniche@acm.org
--------------------------
