From edbc8634ebb59aafb58b0d2ad56e0a4036836194 Mon Sep 17 00:00:00 2001
From: xiusailong
Date: Fri, 8 Jul 2022 14:41:45 +0800
Subject: [PATCH] sync two patches from 20.03-LTS-SP1
---
...t-tcp-fix-sequence-number-comparison.patch | 36 ++++++++++++
...p-tighten-up-checks-for-received-SYN.patch | 58 +++++++++++++++++++
lwip.spec | 8 ++-
3 files changed, 101 insertions(+), 1 deletion(-)
create mode 100644 backport-tcp-fix-sequence-number-comparison.patch
create mode 100644 backport-tcp-tighten-up-checks-for-received-SYN.patch
diff --git a/backport-tcp-fix-sequence-number-comparison.patch b/backport-tcp-fix-sequence-number-comparison.patch
new file mode 100644
index 0000000..5c0f960
--- /dev/null
+++ b/backport-tcp-fix-sequence-number-comparison.patch
@@ -0,0 +1,36 @@
+From 003d34eebd223c16a3dbf6a970bb6e23cb7d1a24 Mon Sep 17 00:00:00 2001
+From: Simon Goldschmidt
+Date: Fri, 27 Mar 2020 22:59:05 +0100
+Subject: [PATCH] tcp: fix sequence number comparison
+This fixes both undefined behavior (see bug #51447) as well as a possible bug
+where sequence numbers in 31 bit distance may come through.
+Conflict: NA
+Reference: https://git.savannah.gnu.org/cgit/lwip.git/commit/?id=003d34eebd223c16a3dbf6a970bb6e23cb7d1a24
+---
+ src/include/lwip/priv/tcp_priv.h | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+diff --git a/src/include/lwip/priv/tcp_priv.h b/src/include/lwip/priv/tcp_priv.h
+index 72f9126d..c84b5be8 100644
+--- a/src/include/lwip/priv/tcp_priv.h
++++ b/src/include/lwip/priv/tcp_priv.h
+@@ -106,14 +106,11 @@ err_t tcp_process_refused_data(struct tcp_pcb *pcb);
+ #define tcp_output_nagle(tpcb) (tcp_do_output_nagle(tpcb) ? tcp_output(tpcb) : ERR_OK)
+
+
+-#define TCP_SEQ_LT(a,b) ((s32_t)((u32_t)(a) - (u32_t)(b)) < 0)
+-#define TCP_SEQ_LEQ(a,b) ((s32_t)((u32_t)(a) - (u32_t)(b)) <= 0)
+-#define TCP_SEQ_GT(a,b) ((s32_t)((u32_t)(a) - (u32_t)(b)) > 0)
+-#define TCP_SEQ_GEQ(a,b) ((s32_t)((u32_t)(a) - (u32_t)(b)) >= 0)
++#define TCP_SEQ_LT(a,b) (((u32_t)((u32_t)(a) - (u32_t)(b)) & 0x80000000u) != 0)
++#define TCP_SEQ_LEQ(a,b) (!(TCP_SEQ_LT(b,a)))
++#define TCP_SEQ_GT(a,b) TCP_SEQ_LT(b,a)
++#define TCP_SEQ_GEQ(a,b) TCP_SEQ_LEQ(b,a)
+ /* is b<=a<=c? */
+-#if 0 /* see bug #10548 */
+-#define TCP_SEQ_BETWEEN(a,b,c) ((c)-(b) >= (a)-(b))
+-#endif
+ #define TCP_SEQ_BETWEEN(a,b,c) (TCP_SEQ_GEQ(a,b) && TCP_SEQ_LEQ(a,c))
+
+ #ifndef TCP_TMR_INTERVAL
+--
+2.28.0.windows.1
diff --git a/backport-tcp-tighten-up-checks-for-received-SYN.patch b/backport-tcp-tighten-up-checks-for-received-SYN.patch
new file mode 100644
index 0000000..0892cbf
--- /dev/null
+++ b/backport-tcp-tighten-up-checks-for-received-SYN.patch
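Review bot: The rewritten `TCP_SEQ_*` macros in the tcp_priv.h hunk of backport-tcp-fix-sequence-number-comparison.patch change the result for two sequence numbers exactly 2^31 apart, and nothing on the new lines records it. In that case `(u32_t)(a) - (u32_t)(b)` and its reverse both have the top bit set, so `TCP_SEQ_LT` and `TCP_SEQ_GT` are both true while `TCP_SEQ_LEQ` and `TCP_SEQ_GEQ` are both false, which makes `TCP_SEQ_BETWEEN` reject the value. This appears to be the "31 bit distance" case the commit message refers to; I would add above `TCP_SEQ_LT` a comment such as `/* at a distance of exactly 2^31 LT/GT are both true and LEQ/GEQ both false, so TCP_SEQ_BETWEEN fails closed */`. Callers that accept a segment on a single comparison rather than on `TCP_SEQ_BETWEEN` are outside this hunk and worth checking against that boundary.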
@@ -0,0 +1,58 @@
+From adbc5b5f716d108966bcf606e61de60b83f525a5 Mon Sep 17 00:00:00 2001
+From: Simon Goldschmidt
+Date: Thu, 5 Mar 2020 21:20:35 +0100
+Subject: [PATCH] tcp: tighten up checks for received SYN
+Any malicous segment could contain a SYN up to now (no check).
+A SYN in the wrong segment could break OOSEQ queueing.
+Fix this by allowing SYN only in states where it is required.
+See bug #56397: Assert "tcp_receive: ooseq tcplen > rcv_wnd"
+Signed-off-by: Simon Goldschmidt
+Conflict: NA
+Reference: https://git.savannah.gnu.org/cgit/lwip.git/commit/?id=adbc5b5f716d108966bcf606e61de60b83f525a5
+---
+ src/core/tcp_in.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+diff --git a/src/core/tcp_in.c b/src/core/tcp_in.c
+index 4bfba85f..90061281 100644
+--- a/src/core/tcp_in.c
++++ b/src/core/tcp_in.c
+@@ -852,6 +852,13 @@ tcp_process(struct tcp_pcb *pcb)
+
+ tcp_parseopt(pcb);
+
++ if (flags & TCP_SYN) {
++ /* accept SYN only in 2 states: */
++ if ((pcb->state != SYN_SENT) && (pcb->state != SYN_RCVD)) {
++ return ERR_OK;
++ }
++ }
++
+ /* Do different things depending on the TCP state. */
+ switch (pcb->state) {
+ case SYN_SENT:
+@@ -924,7 +931,12 @@ tcp_process(struct tcp_pcb *pcb)
+ }
+ break;
+ case SYN_RCVD:
+- if (flags & TCP_ACK) {
++ if (flags & TCP_SYN) {
++ if (seqno == pcb->rcv_nxt - 1) {
++ /* Looks like another copy of the SYN - retransmit our SYN-ACK */
++ tcp_rexmit(pcb);
++ }
++ } else if (flags & TCP_ACK) {
+ /* expected ACK number? */
+ if (TCP_SEQ_BETWEEN(ackno, pcb->lastack + 1, pcb->snd_nxt)) {
+ pcb->state = ESTABLISHED;
+@@ -975,9 +987,6 @@ tcp_process(struct tcp_pcb *pcb)
+ tcp_rst(pcb, ackno, seqno + tcplen, ip_current_dest_addr(),
+ ip_current_src_addr(), tcphdr->dest, tcphdr->src);
+ }
+- } else if ((flags & TCP_SYN) && (seqno == pcb->rcv_nxt - 1)) {
+- /* Looks like another copy of the SYN - retransmit our SYN-ACK */
+- tcp_rexmit(pcb);
+ }
+ break;
+ case CLOSE_WAIT:
+--
+2.28.0.windows.1
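Review bot: In the `case SYN_RCVD:` hunk of the tcp_in.c patch, a segment with SYN set whose `seqno` is not `pcb->rcv_nxt - 1` now leaves the `if (flags & TCP_SYN)` branch without any action, and no comment says this is deliberate. Because the ACK handling moved into the `else if (flags & TCP_ACK)` arm, a segment carrying both SYN and ACK also no longer reaches `TCP_SEQ_BETWEEN(ackno, ...)`, which looks like the actual fix for the OOSEQ assert named in the commit message. I would document the empty path, e.g. `/* any other SYN is ignored on purpose: it must not reach the ACK handling below */`, and give the first added check its reason too, e.g. `/* a SYN in any other state is discarded before the state machine sees it */`. The early `return ERR_OK;` leaves no trace of the discarded segment; whether a drop counter or debug message is wanted depends on code outside the hunk, since `tcp_process` starts and ends beyond the lines shown.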
diff --git a/lwip.spec b/lwip.spec index fc0b16a..050c4a2 100644 --- a/lwip.spec +++ b/lwip.spec @@ -4,11 +4,14 @@ Summary: lwip is a small independent implementation of the TCP/IP protocol suite Name: lwip Version: 2.1.3 -Release: 11 +Release: 12 License: BSD URL: http://savannah.nongnu.org/projects/lwip/ Source0: http://download.savannah.nongnu.org/releases/lwip/%{name}-%{version}.tar.gz +Patch6001: backport-tcp-fix-sequence-number-comparison.patch +Patch6002: backport-tcp-tighten-up-checks-for-received-SYN.patch + Patch9000: 0001-add-makefile.patch Patch9001: 0002-adapt-lstack.patch Patch9002: 0003-fix-the-occasional-coredump-when-the-lwip-exits.patch @@ -61,6 +64,9 @@ cd %{_builddir}/%{name}-%{version}/src %{_libdir}/liblwip.a %changelog +* Fri Jul 8 2022 xiusailong - 2.1.3-12 +- sync two patches from 20.03-LTS-SP1 + * Thu Jul 7 2022 wuchangsheng - 2.1.3-11 - refactor refactor pkt read send performance -- Gitee